8000 Google OAuth2 plugin · Issue #2232 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Google OAuth2 plugin #2232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
azurit opened this issue Oct 16, 2021 · 8 comments
Closed

Google OAuth2 plugin #2232

azurit opened this issue Oct 16, 2021 · 8 comments
Labels
PR available this issue is referenced by an active pull request 👍 Feature Request

Comments

@azurit
Copy link
Member
azurit commented Oct 16, 2021
edited
Loading

Motivation

Lots of users are reporting problems with Google OAuth2 callback requests as it's scope argument usually contains string .profile, which is triggering rule 930120. We already proposed a solution for this (see PRs #1958 and #2222) but i don't think that our core ruleset should contain bypasses for specific software and services.

Proposed solution

I suggest reworking this into an official plugin, which will contain 3 rules:

SecRule TX:GOOGLE_OAUTH2_CALLBACK_DETECTED "@eq 1" \
    "id:930052,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=930120;ARGS:scope"

Prototype of this plugin is ready.
@azurit azurit mentioned this issue Oct 16, 2021
Closed
@dune73
Copy link
Member
dune73 commented Nov 15, 2021

Linking #2212 where another .profile case is documented.

I'm adding this to the agenda for tonight's issue chat.

@dune73 dune73 mentioned this issue Nov 15, 2021
Closed
@fzipi fzipi mentioned this issue Dec 5, 2021
Closed
@dune73
Copy link
Member
dune73 commented Dec 20, 2021

It was decided, that this will be covered in a plugin. Now waiting for said plugin.

@azurit
Copy link
Member Author
azurit commented Jan 19, 2022

@dune73 Can you, please, create a new repository for this plugin? Probably with name google-oauth2-plugin. Thank you.

@dune73
Copy link
Member
dune73 commented Jan 19, 2022

Of course.

@dune73
Copy link
Member
dune73 commented Jan 19, 2022

https://github.com/coreruleset/google-oauth2-plugin

@dune73
Copy link
Member
dune73 commented Jan 19, 2022

Let me know if you want to change the description (top right) and GH does not grant you permissions.

@azurit
Copy link
Member Author
azurit commented Jan 27, 2022

Ready for review!

@azurit azurit mentioned this issue Jan 27, 2022
Merged
@azurit azurit added the PR available this issue is referenced by an active pull request label Jan 29, 2022
@azurit
Copy link
Member Author
azurit commented Feb 8, 2022

Plugin is ready: https://github.com/coreruleset/google-oauth2-plugin. Closing!

@azurit azurit closed this as completed Feb 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
PR available this issue is referenced by an active pull request 👍 Feature Request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dune73 @azurit
0