From cf9520ab3e0d9d1fedb017bb4e35ce4e5d118ec7 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Mon, 18 Nov 2024 14:32:56 +1100
Subject: [PATCH 1/2] fix: renaming tagged faces in photos app
---
 plugins/nextcloud-rule-exclusions-before.conf | 3 +-
 .../9508953.yaml | 51 +++++++++++++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
diff --git a/plugins/nextcloud-rule-exclusions-before.conf b/plugins/nextcloud-rule-exclusions-before.conf
index dddcd9e..1da2218 100644
--- a/plugins/nextcloud-rule-exclusions-before.conf
+++ b/plugins/nextcloud-rule-exclusions-before.conf
@@ -2178,8 +2178,9 @@ SecRule REQUEST_FILENAME "@rx /remote\.php/dav/photos/[^/]+/(?:albums|sharedalbu
 setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/plain|'"
 # Sorting photos based upon faces in Nextcloud Photos
+# Renaming tagged faces
 # Text/plain content is actually XML so we switch on XML parser for text/plain
-SecRule REQUEST_FILENAME "@rx /remote\.php/dav/recognize/[^/]+/faces/(?:[0-9]+/)?$" \
+SecRule REQUEST_FILENAME "@rx /remote\.php/dav/recognize/[^/]+/faces/(?:[^/]+/)?$" \
 "id:9508953,\
 phase:1,\
 pass,\
diff --git a/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml b/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
new file mode 100644
index 0000000..e091bf3
--- /dev/null
+++ b/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
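Review bot: The widened pattern on the `SecRule REQUEST_FILENAME` line of rule 9508953 now accepts any single path segment after `faces/`, but the added comment `# Renaming tagged faces` does not say why digits are no longer sufficient. The test added in this patch requests `/faces/Joe/`, so the segment is evidently the user-chosen face name; a comment such as `# Named faces use the chosen name as the path segment, so it cannot be limited to digits` would record that for whoever next reviews the scope of this exclusion. The match stays bounded to one segment by `[^/]+` and the trailing `$`, which is worth keeping. The rule's action list continues outside the hunk, so it is not visible here whether the exclusion is also limited by request method; if it is not, consider whether switching on the XML parser for text/plain is needed for every method on this path.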
@@ -0,0 +1,51 @@
+---
+meta:
+ author: "Esad Cetiner"
+ description: "Nextcloud Photos"
+ enabled: true
+ name: 9508953.yaml
+tests:
+ - test_title: 9508953-1
+ desc: Renaming tagged faces
+ stages:
+ - stage:
+ input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: OWASP CRS test agent
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: text/plain;charset=UTF-8
+ port: 80
+ method: PROPFIND
+ uri: /remote.php/dav/recognize/esadc/faces/Joe/
+ data: |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ version: HTTP/1.1
+ output:
+ no_log_contains: id "920420"
From 20339e64d16f99f20c6d1e9287659799b497787d Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Wed, 20 Nov 2024 07:36:15 +1100
Subject: [PATCH 2/2] fix: check for 921110 in test output
---
 tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml b/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
index e091bf3..f4366e5 100644
--- a/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
+++ b/tests/regression/nextcloud-rule-exclusions-plugin/9508953.yaml
@@ -48,4 +48,5 @@ tests:
 version: HTTP/1.1
 output:
- no_log_contains: id "920420"
+ no_log_contains: |-
+ id "920420"|id "921110"
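Review bot: Test 9508953-1 in the new 9508953.yaml (first hunk of this file) covers only the named-face URI that the widened pattern is meant to admit, so nothing pins where the exclusion stops. Because the rule pattern ends in `(?:[^/]+/)?$`, a second case with one more path segment should show that the exclusion does not apply there, and a case with a numeric segment would guard the behaviour the old pattern covered. The expected id in the sketch below assumes no other exclusion in the plugin covers the deeper path, so confirm it against a run before committing.

```yaml
  - test_title: 9508953-2
    desc: Exclusion does not extend below a face collection
    stages:
      - stage:
          input:
            # … unchanged: dest_addr, headers, port, method, data and version as in 9508953-1 …
            uri: /remote.php/dav/recognize/esadc/faces/Joe/extra/
          output:
            log_contains: id "920420"
```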