From 873ccd145325d27535b691fb80243265f5c7b9bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=8Ceslav=20Przywara?=
Date: Mon, 29 Jul 2024 12:34:16 +0200
Subject: [PATCH] Implement new rule for bad request banner targeting ASP files

Fixes #161.
---
 CHANGELOG.md | 1 +
 .../BadRequestsBanner/BuiltInRules.php | 9 ++++++
 .../BadRequestsBanner/BuiltInRulesTest.php | 31 +++++++++++++++++++
 3 files changed, 41 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d5d8a3..09c12f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ WordPress 6.4 or newer is now required!
 ### Added
 * Disable autoloading of plugin options when plugin is deactivated [#160](https://github.com/chesio/bc-security/issues/160).
+* New built-in rule for bad request banner module that triggers when non-existing `.asp` or `.aspx` file is accessed [#161](https://github.com/chesio/bc-security/issues/161).
 * Plugin has been tested with WordPress 6.6 [#157](https://github.com/chesio/bc-security/issues/157).
 ### Changed
diff --git a/classes/BlueChip/Security/Modules/BadRequestsBanner/BuiltInRules.php b/classes/BlueChip/Security/Modules/BadRequestsBanner/BuiltInRules.php
index 9177cf8..a533717 100644
--- a/classes/BlueChip/Security/Modules/BadRequestsBanner/BuiltInRules.php
+++ b/classes/BlueChip/Security/Modules/BadRequestsBanner/BuiltInRules.php
@@ -10,6 +10,10 @@ abstract class BuiltInRules
     private const ARCHIVE_FILES_PATTERN = '\.(tgz|zip)$';
+    public const ASP_FILES = 'asp-files';
+    private const ASP_FILES_PATTERN = '\.aspx?$';
+
     public const BACKUP_FILES = 'backup-files';
     private const BACKUP_FILES_PATTERN = 'backup|(\.(back|old|tmp)$)';
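Review bot: `ASP_FILES_PATTERN = '\.aspx?$'` is written for lowercase extensions only, so whether `Login.ASPX` or `default.Asp` trigger the rule depends on BanRule applying the pattern case-insensitively — that is decided outside this hunk and is worth confirming, since IIS serves such extensions case-insensitively and probes for them commonly use mixed case. The `$` anchor also means the rule only fires when the extension ends the matched string, so `page.aspx?x=1` or `page.aspx/` are caught only if BanRule matches the path with query string and path-info already stripped; this mirrors the existing `ARCHIVE_FILES_PATTERN`, so a short comment on the new constant is enough, e.g. `// Anchored at end of string like the sibling patterns; relies on BanRule matching the path without query string (verify).` The body of `abstract class BuiltInRules` continues outside the hunk.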
@@ -28,6 +32,11 @@ abstract class BuiltInRules
     public static function enlist(): array
     {
         return [
+            self::ASP_FILES => new BanRule(
+                __('Non-existent ASP files', 'bc-security'),
+                self::ASP_FILES_PATTERN,
+                __('(any URI targeting file with .asp or .aspx extension)', 'bc-security')
+            ),
             self::PHP_FILES => new BanRule(
                 __('Non-existent PHP files', 'bc-security'),
                 self::PHP_FILES_PATTERN,
diff --git a/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php b/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php
index 2875d18..68c015b 100644
--- a/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php
+++ b/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php
@@ -17,6 +17,7 @@ public static function provideUris(): array
             'data.tgz',
             [
                 BuiltInRules::ARCHIVE_FILES => true,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -26,6 +27,7 @@ public static function provideUris(): array
             'website-backup.zip',
             [
                 BuiltInRules::ARCHIVE_FILES => true,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => true,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -35,6 +37,7 @@ public static function provideUris(): array
             'wp-config.php.back',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => true,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -44,6 +47,7 @@ public static function provideUris(): array
             'script.php.old',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => true,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -53,6 +57,7 @@ public static function provideUris(): array
             'some/important/file.tmp',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => true,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -62,6 +67,7 @@ public static function provideUris(): array
             'wp-content/theme/dummy/styles.css',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -71,6 +77,7 @@ public static function provideUris(): array
             'plugin/non-existent/image.png',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -80,6 +87,27 @@ public static function provideUris(): array
             'wp-content/themes/dummy/script.js',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
+                BuiltInRules::BACKUP_FILES => false,
+                BuiltInRules::PHP_FILES => false,
+                BuiltInRules::README_FILES => false,
+            ],
+        ],
+        'ASP file' => [
+            'backend.asp',
+            [
+                BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => true,
+                BuiltInRules::BACKUP_FILES => false,
+                BuiltInRules::PHP_FILES => false,
+                BuiltInRules::README_FILES => false,
+            ],
+        ],
+        'ASPx file' => [
+            'login.aspx',
+            [
+                BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => true,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -89,6 +117,7 @@ public static function provideUris(): array
             '_wp-config.php',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => true,
                 BuiltInRules::README_FILES => false,
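Review bot: The new 'ASP file' and 'ASPx file' datasets in the `@@ -80,6 +87,27 @@` hunk only pin the happy path for lowercase, end-anchored names; nothing asserts that `\.aspx?$` stays anchored, so a later loosening of the pattern could start classifying `login.aspx.old` as ASP_FILES instead of BACKUP_FILES without any test failing. A negative dataset such as `'ASP backup file' => ['login.aspx.old', [BuiltInRules::ASP_FILES => false, BuiltInRules::BACKUP_FILES => true, /* others as in 'script.php.old' */]]` would document that contract, and if case-insensitive matching is intended an uppercase dataset like `'Default.ASPX'` with `ASP_FILES => true` would make that intent explicit rather than implicit. The remaining hunks in this file are the mechanical `BuiltInRules::ASP_FILES => false` additions and need nothing. `provideUris()` starts and ends outside these hunks.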
@@ -98,6 +127,7 @@ public static function provideUris(): array
             'humans.txt',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => false,
@@ -107,6 +137,7 @@ public static function provideUris(): array
             'wp-content/plugins/some-plugin/readme.txt',
             [
                 BuiltInRules::ARCHIVE_FILES => false,
+                BuiltInRules::ASP_FILES => false,
                 BuiltInRules::BACKUP_FILES => false,
                 BuiltInRules::PHP_FILES => false,
                 BuiltInRules::README_FILES => true,