Support configurable limit on number of arguments processed

2025-09-29 19:24:29 +03:00 · 2022-12-14 07:01:23 -08:00
parent ac52086b44
commit 0981b325a7
6 changed files with 109 additions and 4 deletions
--- a/tests/regression/config/10-request-directives.t
+++ b/tests/regression/config/10-request-directives.t
@@ -703,3 +703,50 @@
 	),
 },

+# SecArgumentsLimit
+{
+	type => "config",
+	comment => "SecArgumentsLimit (pos)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecArgumentsLimit 5
+		SecRule REQBODY_ERROR "!\@eq 0" "id:'500232',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2&c=3&d=4&e=5&f=6",
+	),
+},
+{
+	type => "config",
+	comment => "SecArgumentsLimit (neg)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecArgumentsLimit 5
+		SecRule REQBODY_ERROR "!\@eq 0" "id:'500233',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
+	),
+	match_log => {
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2&c=3&d=4&e=5",
+	),
+},
+