From 772d7fdbf104fd3c56b6992257cdd48c24d26cc0 Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Wed, 2 Feb 2022 17:31:10 +0900
Subject: [PATCH 1/3] =?UTF-8?q?CSRF=E3=83=88=E3=83=BC=E3=82=AF=E3=83=B3?= =?UTF-8?q?=E3=81=A8=E3=82=A2=E3=83=A9=E3=83=BC=E3=83=88=E3=83=95=E3=82=A3?= =?UTF-8?q?=E3=83=AB=E3=82=BF=E3=83=BC=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 zap/options.properties | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/zap/options.properties b/zap/options.properties
index 2001e1b0c4c..5d73baf8780 100644
--- a/zap/options.properties
+++ b/zap/options.properties
@@ -111,6 +111,8 @@ anticsrf.tokens.token\(53\).name=admin_change_password[_token]
 anticsrf.tokens.token\(53\).enabled=true
 anticsrf.tokens.token\(54\).name=calendar[_token]
 anticsrf.tokens.token\(54\).enabled=true
+anticsrf.tokens.token\(55\).name=nonmember[_token]
+anticsrf.tokens.token\(55\).enabled=true
 scanner.antiCSFR=true
 httpsessions.tokens.token\(0\).name=eccube
 httpsessions.tokens.token\(0\).enabled=true
@@ -142,3 +144,15 @@ globalalertfilter.filters.filter\(1\).attackregex=false
 globalalertfilter.filters.filter\(1\).evidence=
 globalalertfilter.filters.filter\(1\).evidenceregex=false
 globalalertfilter.filters.filter\(1\).enabled=true
+## Filtering out false positives in anti CSRF token
+globalalertfilter.filters.filter\(2\).ruleid=10202
+globalalertfilter.filters.filter\(2\).newrisk=-1
+globalalertfilter.filters.filter\(2\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(2\).urlregex=true
+globalalertfilter.filters.filter\(2\).param=
+globalalertfilter.filters.filter\(2\).paramregex=false
+globalalertfilter.filters.filter\(2\).attack=
+globalalertfilter.filters.filter\(2\).attackregex=false
+globalalertfilter.filters.filter\(2\).evidence=
+globalalertfilter.filters.filter\(2\).evidenceregex=false
+globalalertfilter.filters.filter\(2\).enabled=true
From f55c4c2da8b18e4a2cf83d0b63ddad8b3a30dafa Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Thu, 3 Feb 2022 17:32:16 +0900
Subject: [PATCH 2/3] =?UTF-8?q?=E5=BF=85=E8=A6=81=E3=81=AA=E3=83=9D?= =?UTF-8?q?=E3=83=AA=E3=82=B7=E3=83=BC=E3=81=AE=E3=81=BF=E3=83=9E=E3=82=A6?= =?UTF-8?q?=E3=83=B3=E3=83=88=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker-compose.owaspzap.yml | 1 +
 zap/policies/Default Policy.policy | 81 ++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 zap/policies/Default Policy.policy
diff --git a/docker-compose.owaspzap.yml b/docker-compose.owaspzap.yml
index 220d7802c6b..cffdac55dba 100644
--- a/docker-compose.owaspzap.yml
+++ b/docker-compose.owaspzap.yml
@@ -7,6 +7,7 @@ services: command: bash -c "zap.sh -cmd -addonupdate -addoninstall help_ja_JP -addoninstall wappalyzer -addoninstall sequence -addonuninstall hud -configfile /zap/wrk/options.properties -certpubdump /zap/wrk/owasp_zap_root_ca.cer && zap-webswing.sh" # 詳細スキャンしたい場合はこちらを使用する command: bash -c "zap.sh -cmd -addonupdate -addoninstall help_ja_JP -addoninstall wappalyzer -addoninstall ascanrulesAlpha -addoninstall ascanrulesBeta -addoninstall sqliplugin -addoninstall sequence -addonuninstall hud -configfile /zap/wrk/options.properties -certpubdump /zap/wrk/owasp_zap_root_ca.cer && zap-webswing.sh" volumes:
+ - ./zap/policies:/home/zap/.ZAP/policies/
 - ./zap:/zap/wrk/
 ports:
 - "8081:8080"
diff --git a/zap/policies/Default Policy.policy b/zap/policies/Default Policy.policy
new file mode 100644
index 00000000000..5324125faea
--- /dev/null
+++ b/zap/policies/Default Policy.policy
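Review bot: The new filter(2) block lowers every "Absence of Anti-CSRF Tokens" alert (rule 10202) to false positive for `url=https://ec-cube/.*` with `urlregex=true` and empty `param`, `attack` and `evidence`, so no form anywhere on the scanned host can raise 10202 again — the scanner's CSRF coverage is switched off rather than one false positive being excluded. The `anticsrf.tokens.token\(55\)` entry added in the same patch already tells ZAP the real token name, so a genuine missing-token finding on another form is exactly what should stay visible. Narrow the filter to the form that actually triggers it, for example by setting `globalalertfilter.filters.filter\(2\).evidence=` to a regex matching that form's markup together with `evidenceregex=true`, or by restricting `url` to the page(s) that render it. The comment `## Filtering out false positives in anti CSRF token` should also name which form is meant.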
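Review bot: The new `./zap/policies:/home/zap/.ZAP/policies/` volume is mounted read-write (no `:ro` suffix), so a policy saved from the ZAP UI inside the container writes straight back into the tracked `zap/policies/Default Policy.policy`, and any file the container user creates there is owned by that UID on the host. If the intent is only to ship a fixed policy, `- ./zap/policies:/home/zap/.ZAP/policies/:ro` keeps the repository copy authoritative; if round-tripping edits from the UI is intended, say so in a comment next to the mount. The `services:` block and its `command:` entries begin outside this hunk, and this rendering has lost the YAML indentation, so whether one of the two `command:` lines shown is commented out cannot be told from here.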
@@ -0,0 +1,81 @@ + + Default Policy + + MEDIUM + MEDIUM + + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + false + OFF + + + false + OFF + + +
From 754ac033aadbd6a643a137055a323ab219c0842c Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Wed, 16 Feb 2022 12:42:08 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=E3=82=A2=E3=83=B3=E3=83=81CSRF=E3=83=88?= =?UTF-8?q?=E3=83=BC=E3=82=AF=E3=83=B3=E3=81=A8=E3=82=A2=E3=83=A9=E3=83=BC?= =?UTF-8?q?=E3=83=88=E3=83=95=E3=82=A3=E3=83=AB=E3=82=BF=E3=83=BC=E3=82=92?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 zap/options.properties | 282 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 280 insertions(+), 2 deletions(-)
diff --git a/zap/options.properties b/zap/options.properties
index 5d73baf8780..388803dd54f 100644
--- a/zap/options.properties
+++ b/zap/options.properties
@@ -113,6 +113,8 @@ anticsrf.tokens.token\(54\).name=calendar[_token]
 anticsrf.tokens.token\(54\).enabled=true
 anticsrf.tokens.token\(55\).name=nonmember[_token]
 anticsrf.tokens.token\(55\).enabled=true
+anticsrf.tokens.token\(56\).name=admin_customer[_token]
+anticsrf.tokens.token\(56\).enabled=true
 scanner.antiCSFR=true
 httpsessions.tokens.token\(0\).name=eccube
 httpsessions.tokens.token\(0\).enabled=true
@@ -120,7 +122,7 @@ httpsessions.tokens.token\(1\).name=ecsessid
 httpsessions.tokens.token\(1\).enabled=true
 httpsessions.tokens.token\(2\).name=phpsessid
 httpsessions.tokens.token\(2\).enabled=true
-## Filtering out false positives in PATH Traversal
+## Filtering out false positives in PATH Traversal to add_cart
 globalalertfilter.filters.filter\(0\).ruleid=6
 globalalertfilter.filters.filter\(0\).newrisk=-1
 globalalertfilter.filters.filter\(0\).url=https://ec-cube/products/add_cart/[0-9]+
@@ -144,7 +146,7 @@ globalalertfilter.filters.filter\(1\).attackregex=false
 globalalertfilter.filters.filter\(1\).evidence=
 globalalertfilter.filters.filter\(1\).evidenceregex=false
 globalalertfilter.filters.filter\(1\).enabled=true
-## Filtering out false positives in anti CSRF token
+## Filtering out false positives in anti CSRF token to searchForm
 globalalertfilter.filters.filter\(2\).ruleid=10202
 globalalertfilter.filters.filter\(2\).newrisk=-1
 globalalertfilter.filters.filter\(2\).url=https://ec-cube/.*
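Review bot: The comment now claims filter(2) is scoped to searchForm, but the keys under it are unchanged: the context line `globalalertfilter.filters.filter\(2\).url=https://ec-cube/.*` with `urlregex=true` still matches every page, and the `param`/`attack`/`evidence` keys (added empty in the first patch of this series, outside this hunk) add no constraint. Either the comment or the match criteria is wrong; if searchForm is the only legitimate source of the 10202 false positive, constrain the filter to it (for instance `globalalertfilter.filters.filter\(2\).evidence=<regex matching the search form>` with `evidenceregex=true`) so genuine missing-token findings on other forms stay visible.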
@@ -156,3 +158,279 @@ globalalertfilter.filters.filter\(2\).attackregex=false
 globalalertfilter.filters.filter\(2\).evidence=
 globalalertfilter.filters.filter\(2\).evidenceregex=false
 globalalertfilter.filters.filter\(2\).enabled=true
+## Filtering out false positives in PATH Traversal to method
+globalalertfilter.filters.filter\(3\).ruleid=6
+globalalertfilter.filters.filter\(3\).newrisk=-1
+globalalertfilter.filters.filter\(3\).url=https://ec-cube/.*/delete
+globalalertfilter.filters.filter\(3\).urlregex=true
+globalalertfilter.filters.filter\(3\).param=_method
+globalalertfilter.filters.filter\(3\).paramregex=false
+globalalertfilter.filters.filter\(3\).attack=delete
+globalalertfilter.filters.filter\(3\).attackregex=false
+globalalertfilter.filters.filter\(3\).evidence=
+globalalertfilter.filters.filter\(3\).evidenceregex=false
+globalalertfilter.filters.filter\(3\).enabled=true
+## Filtering out false positives in anti CSRF token to ec-cube.net
+globalalertfilter.filters.filter\(4\).ruleid=10202
+globalalertfilter.filters.filter\(4\).newrisk=-1
+globalalertfilter.filters.filter\(4\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(4\).urlregex=true
+globalalertfilter.filters.filter\(4\).param=
+globalalertfilter.filters.filter\(4\).paramregex=false
+globalalertfilter.filters.filter\(4\).attack=
+globalalertfilter.filters.filter\(4\).attackregex=true
+globalalertfilter.filters.filter\(4\).evidence=
+globalalertfilter.filters.filter\(4\).evidenceregex=false
+globalalertfilter.filters.filter\(4\).enabled=true
+## Filtering out false positives in anti CSRF token to form_bulk
+globalalertfilter.filters.filter\(5\).ruleid=10202
+globalalertfilter.filters.filter\(5\).newrisk=-1
+globalalertfilter.filters.filter\(5\).url=https://ec-cube/admin/product
+globalalertfilter.filters.filter\(5\).urlregex=false
+globalalertfilter.filters.filter\(5\).param=
+globalalertfilter.filters.filter\(5\).paramregex=false
+globalalertfilter.filters.filter\(5\).attack=
+globalalertfilter.filters.filter\(5\).attackregex=false
+globalalertfilter.filters.filter\(5\).evidence=
+globalalertfilter.filters.filter\(5\).evidenceregex=false
+globalalertfilter.filters.filter\(5\).enabled=true
+## Filtering out false positives in anti CSRF token to category
+globalalertfilter.filters.filter\(6\).ruleid=10202
+globalalertfilter.filters.filter\(6\).newrisk=-1
+globalalertfilter.filters.filter\(6\).url=https://ec-cube/admin/category
+globalalertfilter.filters.filter\(6\).urlregex=false
+globalalertfilter.filters.filter\(6\).param=
+globalalertfilter.filters.filter\(6\).paramregex=false
+globalalertfilter.filters.filter\(6\).attack=
+globalalertfilter.filters.filter\(6\).attackregex=false
+globalalertfilter.filters.filter\(6\).evidence=
+globalalertfilter.filters.filter\(6\).evidenceregex=false
+globalalertfilter.filters.filter\(6\).enabled=true
+## Filtering out false positives in anti CSRF token to class_category
+globalalertfilter.filters.filter\(7\).ruleid=10202
+globalalertfilter.filters.filter\(7\).newrisk=-1
+globalalertfilter.filters.filter\(7\).url=https://ec-cube/admin/product/class_category/.*
+globalalertfilter.filters.filter\(7\).urlregex=true
+globalalertfilter.filters.filter\(7\).param=
+globalalertfilter.filters.filter\(7\).paramregex=false
+globalalertfilter.filters.filter\(7\).attack=
+globalalertfilter.filters.filter\(7\).attackregex=false
+globalalertfilter.filters.filter\(7\).evidence=
+globalalertfilter.filters.filter\(7\).evidenceregex=true
+globalalertfilter.filters.filter\(7\).enabled=true
+## Filtering out false positives in anti CSRF token to class_name
+globalalertfilter.filters.filter\(8\).ruleid=10202
+globalalertfilter.filters.filter\(8\).newrisk=-1
+globalalertfilter.filters.filter\(8\).url=https://ec-cube/admin/product/class_name
+globalalertfilter.filters.filter\(8\).urlregex=false
+globalalertfilter.filters.filter\(8\).param=
+globalalertfilter.filters.filter\(8\).paramregex=false
+globalalertfilter.filters.filter\(8\).attack=
+globalalertfilter.filters.filter\(8\).attackregex=false
+globalalertfilter.filters.filter\(8\).evidence=
+globalalertfilter.filters.filter\(8\).evidenceregex=false
+globalalertfilter.filters.filter\(8\).enabled=true
+## Filtering out false positives in anti CSRF token to tag
+globalalertfilter.filters.filter\(9\).ruleid=10202
+globalalertfilter.filters.filter\(9\).newrisk=-1
+globalalertfilter.filters.filter\(9\).url=https://ec-cube/admin/product/tag
+globalalertfilter.filters.filter\(9\).urlregex=false
+globalalertfilter.filters.filter\(9\).param=
+globalalertfilter.filters.filter\(9\).paramregex=false
+globalalertfilter.filters.filter\(9\).attack=
+globalalertfilter.filters.filter\(9\).attackregex=false
+globalalertfilter.filters.filter\(9\).evidence=
+globalalertfilter.filters.filter\(9\).evidenceregex=false
+globalalertfilter.filters.filter\(9\).enabled=true
+## Filtering out false positives in PATH Traversal to edit
+globalalertfilter.filters.filter\(10\).ruleid=6
+globalalertfilter.filters.filter\(10\).newrisk=-1
+globalalertfilter.filters.filter\(10\).url=https://ec-cube/admin/.*/edit
+globalalertfilter.filters.filter\(10\).urlregex=true
+globalalertfilter.filters.filter\(10\).param=
+globalalertfilter.filters.filter\(10\).paramregex=false
+globalalertfilter.filters.filter\(10\).attack=edit
+globalalertfilter.filters.filter\(10\).attackregex=false
+globalalertfilter.filters.filter\(10\).evidence=
+globalalertfilter.filters.filter\(10\).evidenceregex=false
+globalalertfilter.filters.filter\(10\).enabled=true
+## Filtering out false positives in PATH Traversal to new
+globalalertfilter.filters.filter\(11\).ruleid=6
+globalalertfilter.filters.filter\(11\).newrisk=-1
+globalalertfilter.filters.filter\(11\).url=https://ec-cube/admin/.*/new
+globalalertfilter.filters.filter\(11\).urlregex=true
+globalalertfilter.filters.filter\(11\).param=
+globalalertfilter.filters.filter\(11\).paramregex=false
+globalalertfilter.filters.filter\(11\).attack=new
+globalalertfilter.filters.filter\(11\).attackregex=false
+globalalertfilter.filters.filter\(11\).evidence=
+globalalertfilter.filters.filter\(11\).evidenceregex=false
+globalalertfilter.filters.filter\(11\).enabled=true
+## Filtering out false positives in anti CSRF token to order_item_type
+globalalertfilter.filters.filter\(12\).ruleid=10202
+globalalertfilter.filters.filter\(12\).newrisk=-1
+globalalertfilter.filters.filter\(12\).url=https://ec-cube/admin/order/search/order_item_type
+globalalertfilter.filters.filter\(12\).urlregex=false
+globalalertfilter.filters.filter\(12\).param=
+globalalertfilter.filters.filter\(12\).paramregex=false
+globalalertfilter.filters.filter\(12\).attack=
+globalalertfilter.filters.filter\(12\).attackregex=false
+globalalertfilter.filters.filter\(12\).evidence=
+globalalertfilter.filters.filter\(12\).evidenceregex=true
+globalalertfilter.filters.filter\(12\).enabled=true
+## Filtering out false positives in anti CSRF token to search product
+globalalertfilter.filters.filter\(13\).ruleid=10202
+globalalertfilter.filters.filter\(13\).newrisk=-1
+globalalertfilter.filters.filter\(13\).url=https://ec-cube/admin/.*/search/product
+globalalertfilter.filters.filter\(13\).urlregex=true
+globalalertfilter.filters.filter\(13\).param=
+globalalertfilter.filters.filter\(13\).paramregex=false
+globalalertfilter.filters.filter\(13\).attack=
+globalalertfilter.filters.filter\(13\).attackregex=false
+globalalertfilter.filters.filter\(13\).evidence=
+globalalertfilter.filters.filter\(13\).evidenceregex=true
+globalalertfilter.filters.filter\(13\).enabled=true
+## Filtering out false positives in XSS(Persistent) to file_manager
+globalalertfilter.filters.filter\(14\).ruleid=40014
+globalalertfilter.filters.filter\(14\).newrisk=-1
+globalalertfilter.filters.filter\(14\).url=https://ec-cube/admin/content/file_manager
+globalalertfilter.filters.filter\(14\).urlregex=false
+globalalertfilter.filters.filter\(14\).param=form[file][]
+globalalertfilter.filters.filter\(14\).paramregex=false
+globalalertfilter.filters.filter\(14\).attack=;alert(1)
+globalalertfilter.filters.filter\(14\).attackregex=false
+globalalertfilter.filters.filter\(14\).evidence=
+globalalertfilter.filters.filter\(14\).evidenceregex=false
+globalalertfilter.filters.filter\(14\).enabled=true
+## Filtering out false positives in XSS(Reflected) to file_manager
+globalalertfilter.filters.filter\(15\).ruleid=40012
+globalalertfilter.filters.filter\(15\).newrisk=-1
+globalalertfilter.filters.filter\(15\).url=https://ec-cube/admin/content/file_manager
+globalalertfilter.filters.filter\(15\).urlregex=false
+globalalertfilter.filters.filter\(15\).param=
+globalalertfilter.filters.filter\(15\).paramregex=false
+globalalertfilter.filters.filter\(15\).attack=;alert(1)
+globalalertfilter.filters.filter\(15\).attackregex=false
+globalalertfilter.filters.filter\(15\).evidence=;alert(1)
+globalalertfilter.filters.filter\(15\).evidenceregex=false
+globalalertfilter.filters.filter\(15\).enabled=true
+## Filtering out false positives in XSS(Reflected) to recommend
+globalalertfilter.filters.filter\(16\).ruleid=40012
+globalalertfilter.filters.filter\(16\).newrisk=-1
+globalalertfilter.filters.filter\(16\).url=https://ec-cube/admin/plugin/recommend/.*
+globalalertfilter.filters.filter\(16\).urlregex=true
+globalalertfilter.filters.filter\(16\).param=recommend_product[comment]
+globalalertfilter.filters.filter\(16\).paramregex=false
+globalalertfilter.filters.filter\(16\).attack=
+globalalertfilter.filters.filter\(16\).attackregex=false
+globalalertfilter.filters.filter\(16\).evidence=
+globalalertfilter.filters.filter\(16\).evidenceregex=false
+globalalertfilter.filters.filter\(16\).enabled=true
+## Filtering out false positives in SQL Injection to file_manager
+globalalertfilter.filters.filter\(17\).ruleid=40018
+globalalertfilter.filters.filter\(17\).newrisk=-1
+globalalertfilter.filters.filter\(17\).url=https://ec-cube/admin/content/file_manager
+globalalertfilter.filters.filter\(17\).urlregex=false
+globalalertfilter.filters.filter\(17\).param=
+globalalertfilter.filters.filter\(17\).paramregex=false
+globalalertfilter.filters.filter\(17\).attack=
+globalalertfilter.filters.filter\(17\).attackregex=false
+globalalertfilter.filters.filter\(17\).evidence=
+globalalertfilter.filters.filter\(17\).evidenceregex=false
+globalalertfilter.filters.filter\(17\).enabled=true
+## Filtering out false positives in XSS(Reflected) to mail_magazine
+globalalertfilter.filters.filter\(18\).ruleid=40012
+globalalertfilter.filters.filter\(18\).newrisk=-1
+globalalertfilter.filters.filter\(18\).url=https://ec-cube/admin/plugin/mail_magazine/select/.*
+globalalertfilter.filters.filter\(18\).urlregex=true
+globalalertfilter.filters.filter\(18\).param=mail_magazine[htmlBody]
+globalalertfilter.filters.filter\(18\).paramregex=false
+globalalertfilter.filters.filter\(18\).attack=
+globalalertfilter.filters.filter\(18\).attackregex=false
+globalalertfilter.filters.filter\(18\).evidence=
+globalalertfilter.filters.filter\(18\).evidenceregex=false
+globalalertfilter.filters.filter\(18\).enabled=true
+## Filtering out false positives in XSS(Reflected) to mail preview
+globalalertfilter.filters.filter\(19\).ruleid=40012
+globalalertfilter.filters.filter\(19\).newrisk=-1
+globalalertfilter.filters.filter\(19\).url=https://ec-cube/admin/setting/shop/mail/preview
+globalalertfilter.filters.filter\(19\).urlregex=false
+globalalertfilter.filters.filter\(19\).param=html_body
+globalalertfilter.filters.filter\(19\).paramregex=false
+globalalertfilter.filters.filter\(19\).attack=
+globalalertfilter.filters.filter\(19\).attackregex=false
+globalalertfilter.filters.filter\(19\).evidence=
+globalalertfilter.filters.filter\(19\).evidenceregex=false
+globalalertfilter.filters.filter\(19\).enabled=true
+## Filtering out false positives in PATH Traversal to csv
+globalalertfilter.filters.filter\(20\).ruleid=6
+globalalertfilter.filters.filter\(20\).newrisk=-1
+globalalertfilter.filters.filter\(20\).url=https://ec-cube/admin/setting/shop/csv/.*
+globalalertfilter.filters.filter\(20\).urlregex=true
+globalalertfilter.filters.filter\(20\).param=
+globalalertfilter.filters.filter\(20\).paramregex=false
+globalalertfilter.filters.filter\(20\).attack=[0-9]+
+globalalertfilter.filters.filter\(20\).attackregex=true
+globalalertfilter.filters.filter\(20\).evidence=
+globalalertfilter.filters.filter\(20\).evidenceregex=false
+globalalertfilter.filters.filter\(20\).enabled=true
+## Filtering out false positives in PATH Traversal to security
+globalalertfilter.filters.filter\(21\).ruleid=6
+globalalertfilter.filters.filter\(21\).newrisk=-1
+globalalertfilter.filters.filter\(21\).url=https://ec-cube/admin/setting/system/security
+globalalertfilter.filters.filter\(21\).urlregex=false
+globalalertfilter.filters.filter\(21\).param=admin_security[admin_route_dir]
+globalalertfilter.filters.filter\(21\).paramregex=false
+globalalertfilter.filters.filter\(21\).attack=security
+globalalertfilter.filters.filter\(21\).attackregex=false
+globalalertfilter.filters.filter\(21\).evidence=
+globalalertfilter.filters.filter\(21\).evidenceregex=false
+globalalertfilter.filters.filter\(21\).enabled=true
+## Filtering out false positives in anti CSRF token to authentication_setting
+globalalertfilter.filters.filter\(22\).ruleid=10202
+globalalertfilter.filters.filter\(22\).newrisk=-1
+globalalertfilter.filters.filter\(22\).url=https://ec-cube/admin/store/plugin/authentication_setting
+globalalertfilter.filters.filter\(22\).urlregex=false
+globalalertfilter.filters.filter\(22\).param=
+globalalertfilter.filters.filter\(22\).paramregex=false
+globalalertfilter.filters.filter\(22\).attack=
+globalalertfilter.filters.filter\(22\).attackregex=false
+globalalertfilter.filters.filter\(22\).evidence=
+globalalertfilter.filters.filter\(22\).evidenceregex=false
+globalalertfilter.filters.filter\(22\).enabled=true
+## Filtering out false positives in anti CSRF token to memeber
+globalalertfilter.filters.filter\(22\).ruleid=10202
+globalalertfilter.filters.filter\(22\).newrisk=-1
+globalalertfilter.filters.filter\(22\).url=https://ec-cube/admin/setting/system/member
+globalalertfilter.filters.filter\(22\).urlregex=false
+globalalertfilter.filters.filter\(22\).param=
+globalalertfilter.filters.filter\(22\).paramregex=false
+globalalertfilter.filters.filter\(22\).attack=
+globalalertfilter.filters.filter\(22\).attackregex=false
+globalalertfilter.filters.filter\(22\).evidence=
+globalalertfilter.filters.filter\(22\).evidenceregex=false
+globalalertfilter.filters.filter\(22\).enabled=true
+## Filtering out false positives in PATH Traversal to customer
+globalalertfilter.filters.filter\(23\).ruleid=6
+globalalertfilter.filters.filter\(23\).newrisk=-1
+globalalertfilter.filters.filter\(23\).url=https://ec-cube/shopping/customer
+globalalertfilter.filters.filter\(23\).urlregex=false
+globalalertfilter.filters.filter\(23\).param=
+globalalertfilter.filters.filter\(23\).paramregex=false
+globalalertfilter.filters.filter\(23\).attack=customer
+globalalertfilter.filters.filter\(23\).attackregex=false
+globalalertfilter.filters.filter\(23\).evidence=
+globalalertfilter.filters.filter\(23\).evidenceregex=false
+globalalertfilter.filters.filter\(23\).enabled=true
+## Filtering out false positives in anti CSRF token to favorite
+globalalertfilter.filters.filter\(24\).ruleid=10202
+globalalertfilter.filters.filter\(24\).newrisk=-1
+globalalertfilter.filters.filter\(24\).url=https://ec-cube/products/detail/.*
+globalalertfilter.filters.filter\(24\).urlregex=true
+globalalertfilter.filters.filter\(24\).param=
+globalalertfilter.filters.filter\(24\).paramregex=false
+globalalertfilter.filters.filter\(24\).attack=
+globalalertfilter.filters.filter\(24\).attackregex=false
+globalalertfilter.filters.filter\(24\).evidence=
+globalalertfilter.filters.filter\(24\).evidenceregex=true
+globalalertfilter.filters.filter\(24\).enabled=true
\ No newline at end of file
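Review bot: Index 22 is used for two different filters — the `authentication_setting` block and the `member` block (commented `memeber`) — so the second block redefines every `globalalertfilter.filters.filter\(22\).*` key the first block just set; which of the two suppressions survives depends on how ZAP's properties loader treats duplicate keys (last wins, first wins, or a multi-valued list), and since their `url` values differ at least one of them will silently not be applied. Renumber the member block to `filter\(23\)` and shift the `customer` and `favorite` blocks to 24 and 25. Separately, filter(4) repeats the site-wide 10202 suppression already made by filter(2) (`url=https://ec-cube/.*` with an empty `attack` and `attackregex=true`, which matches any payload), and filter(17) lowers every SQL Injection (40018) alert on file_manager with no `param`, `attack` or `evidence` constraint — both are broad enough to hide real findings, so pin them to the parameter and payload that produced the false positive, as filter(14) does with `param=form[file][]` and `attack=;alert(1)`. Also fix the `memeber` typo in the comment and add the missing trailing newline flagged by `\ No newline at end of file`.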