@crowdsec-automation
Contributor

This rule targets the SQL injection vulnerability in the NotificationX Dropshipping plugin for WordPress, specifically in the /wp-json/woo-aliexpress/v1/product-sku REST endpoint. The attack is performed via the sku parameter in a JSON body.

  • The first rule condition matches requests to the vulnerable endpoint by checking if the URI contains /wp-json/woo-aliexpress/v1/product-sku, using a lowercase transform for case insensitivity.
  • The second rule condition inspects the json.sku parameter in the request body, applying both lowercase and urldecode transforms to normalize the input. It looks for the pattern " and (, which is a strong indicator of SQL injection attempts using boolean logic and subqueries, as seen in the provided nuclei template payload.
  • The rule avoids matching on the full SQL payload to reduce false negatives and instead focuses on the SQL metacharacter pattern that is typical for such attacks.
  • The labels section includes the correct CVE, ATT&CK, and CWE references, and the product/vuln class label is formatted as required.

Validation checklist:

  • All value: fields are lowercase.
  • All relevant transforms include lowercase.
  • No match.value contains capital letters.
  • The rule uses contains instead of regex where applicable.
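To make the two conditions described above concrete, here is an added Python illustration of the matching logic (it is not the PR's own rule file and not CrowdSec's AppSec engine): condition 1 lowercases the URI and checks for the endpoint substring, condition 2 extracts `json.sku`, applies lowercase then urldecode, and checks for the `" and (` pattern. The sample requests are constructed for the demonstration, not captured traffic.

```python
import json
from urllib.parse import unquote

# Values the rule is built around (both appear in the PR description).
VULNERABLE_ENDPOINT = "/wp-json/woo-aliexpress/v1/product-sku"
INJECTION_MARKER = '" and ('


def transform(value: str) -> str:
    """Apply the rule's transforms in the order the description lists them:
    lowercase first, then urldecode."""
    return unquote(value.lower())


def rule_matches(uri: str, body: str) -> bool:
    """Return True when both rule conditions hold for one request.

    Condition 1: the lowercased URI contains the vulnerable endpoint.
    Condition 2: the json.sku field of the body, after lowercase + urldecode,
    contains the SQL metacharacter pattern.
    """
    if VULNERABLE_ENDPOINT not in uri.lower():
        return False
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, TypeError):
        return False  # body is not JSON, so json.sku cannot be extracted
    if not isinstance(data, dict):
        return False
    sku = data.get("sku")
    if not isinstance(sku, str):
        return False
    return INJECTION_MARKER in transform(sku)


# Constructed sample requests (not captured traffic): (label, uri, body).
SAMPLE_REQUESTS = [
    ("benign lookup", "/wp-json/woo-aliexpress/v1/product-sku",
     '{"sku": "ABC-123"}'),
    ("boolean injection", "/wp-json/woo-aliexpress/v1/product-sku",
     '{"sku": "1\\" AND (1=1)"}'),
    ("url-encoded, mixed-case path", "/WP-JSON/Woo-AliExpress/v1/Product-SKU",
     '{"sku": "1%22%20AND%20(1=1)"}'),
    ("same payload, other endpoint", "/wp-json/wp/v2/posts",
     '{"sku": "1\\" AND (1=1)"}'),
    ("non-JSON body", "/wp-json/woo-aliexpress/v1/product-sku",
     "sku=1"),
]


def evaluate(samples=SAMPLE_REQUESTS) -> dict:
    """Run the rule over each sample; returns {label: matched}."""
    return {label: rule_matches(uri, body) for label, uri, body in samples}


if __name__ == "__main__":
    for label, hit in evaluate().items():
        print(f"{'ALERT' if hit else 'pass '} {label}")
```

Two things the samples make visible: the mixed-case path and the percent-encoded `sku` only match because both transforms run before the `contains` check, and a request that carries the same pattern to a different endpoint is deliberately not flagged, which is the trade-off the description makes by anchoring condition 1 on the vulnerable URI.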

@github-actions

Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2022-3481 🔴

@github-actions

Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!
