github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Newer apaches default to text/plain instead of null.

Browse Source 
Make matching files a bit more robust.
This commit is contained in:
brectanus 2008-06-16 17:20:50 +00:00
parent 21f305095c
commit 326208d02c
3 changed files with 73 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apache2/t/regression/config/10-response-directives.t
View File

@ -33,7 +33,7 @@
SecDebugLog $ENV{DEBUG_LOG} SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9 SecDebugLogLevel 9
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule RESPONSE_BODY "TEST" "phase:4,deny" SecRule RESPONSE_BODY "TEST" "phase:4,deny"
), ),
match_log => { match_log => {
@ -54,7 +54,7 @@
SecDebugLog $ENV{DEBUG_LOG} SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9 SecDebugLogLevel 9
SecResponseBodyAccess Off SecResponseBodyAccess Off
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule RESPONSE_BODY "TEST" "phase:4,deny" SecRule RESPONSE_BODY "TEST" "phase:4,deny"
), ),
match_log => { match_log => {
@ -76,7 +76,7 @@
conf => qq( conf => qq(
SecRuleEngine On SecRuleEngine On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecResponseBodyLimit 8192 SecResponseBodyLimit 8192
), ),
match_log => { match_log => {
@ -95,7 +95,7 @@
conf => qq( conf => qq(
SecRuleEngine On SecRuleEngine On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecResponseBodyLimit 9000 SecResponseBodyLimit 9000
), ),
match_log => { match_log => {
@ -114,7 +114,7 @@
conf => qq( conf => qq(
SecRuleEngine On SecRuleEngine On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecResponseBodyLimit 8000 SecResponseBodyLimit 8000
), ),
match_log => { match_log => {
@ -135,7 +135,7 @@
conf => qq( conf => qq(
SecRuleEngine On SecRuleEngine On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecResponseBodyLimit 5 SecResponseBodyLimit 5
SecResponseBodyLimitAction Reject SecResponseBodyLimitAction Reject
), ),
@ -155,7 +155,7 @@
conf => qq( conf => qq(
SecRuleEngine On SecRuleEngine On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecResponseBodyLimit 5 SecResponseBodyLimit 5
SecDebugLog $ENV{DEBUG_LOG} SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4 SecDebugLogLevel 4

12
apache2/t/regression/misc/00-phases.t
View File

@ -8,7 +8,7 @@
SecRuleEngine On SecRuleEngine On
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog" SecRule REQUEST_LINE "^POST" "phase:1,pass,log,auditlog"
SecRule ARGS "val1" "phase:1,pass,log,auditlog" SecRule ARGS "val1" "phase:1,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog" SecRule RESPONSE_HEADERS:Last-Modified "." "phase:1,pass,log,auditlog"
@ -38,7 +38,7 @@
SecRuleEngine On SecRuleEngine On
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog" SecRule REQUEST_LINE "^POST" "phase:2,pass,log,auditlog"
SecRule ARGS "val1" "phase:2,pass,log,auditlog" SecRule ARGS "val1" "phase:2,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog" SecRule RESPONSE_HEADERS:Last-Modified "." "phase:2,pass,log,auditlog"
@ -68,7 +68,7 @@
SecRuleEngine On SecRuleEngine On
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog" SecRule REQUEST_LINE "^POST" "phase:3,pass,log,auditlog"
SecRule ARGS "val1" "phase:3,pass,log,auditlog" SecRule ARGS "val1" "phase:3,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog" SecRule RESPONSE_HEADERS:Last-Modified "." "phase:3,pass,log,auditlog"
@ -98,7 +98,9 @@
SecRuleEngine On SecRuleEngine On
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecDebugLog "$ENV{DEBUG_LOG}"
SecDebugLogLevel 9
SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog" SecRule REQUEST_LINE "^POST" "phase:4,pass,log,auditlog"
SecRule ARGS "val1" "phase:4,pass,log,auditlog" SecRule ARGS "val1" "phase:4,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog" SecRule RESPONSE_HEADERS:Last-Modified "." "phase:4,pass,log,auditlog"
@ -127,7 +129,7 @@
SecRuleEngine On SecRuleEngine On
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess On SecResponseBodyAccess On
SecResponseBodyMimeType null SecResponseBodyMimeType text/plain null
SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog" SecRule REQUEST_LINE "^POST" "phase:5,pass,log,auditlog"
SecRule ARGS "val1" "phase:5,pass,log,auditlog" SecRule ARGS "val1" "phase:5,pass,log,auditlog"
SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog" SecRule RESPONSE_HEADERS:Last-Modified "." "phase:5,pass,log,auditlog"

85
apache2/t/run-regression-tests.pl.in
View File

@ -416,6 +416,11 @@ sub match_log {
msg("Warning: Empty regular expression.") if (!defined $re or $re eq ""); msg("Warning: Empty regular expression.") if (!defined $re or $re eq "");
unless (defined $fh) {
msg("Error: File \"$name\" is not opened for matching.");
return;
}
$timeout = 0 unless (defined $timeout); $timeout = 0 unless (defined $timeout);
do { do {
@ -432,10 +437,16 @@ sub match_log {
sub match_file { sub match_file {
my($neg,$fn) = ($_[0] =~ m/^(-?)(.*)$/); my($neg,$fn) = ($_[0] =~ m/^(-?)(.*)$/);
unless (exists $FILE{$fn}) { unless (exists $FILE{$fn}) {
$FILE{$fn}{fn} = $fn; eval {
$FILE{$fn}{fd} = new FileHandle($fn, O_RDONLY); $FILE{$fn}{fn} = $fn;
$FILE{$fn}{fd}->blocking(0); $FILE{$fn}{fd} = new FileHandle($fn, O_RDONLY) or die "$!\n";
$FILE{$fn}{buf} = ""; $FILE{$fn}{fd}->blocking(0);
$FILE{$fn}{buf} = "";
};
if ($@) {
msg("Warning: Failed to open file \"$fn\": $@");
return;
}
} }
return match_log($_[0], $_[1]); # timeout makes no sense return match_log($_[0], $_[1]); # timeout makes no sense
} }
@ -650,38 +661,60 @@ sub httpd_reset_fd {
} }
# Error # Error
$FILE{error}{fn} = $opt{E}; eval {
$FILE{error}{fd} = new FileHandle($opt{E}, O_RDWR|O_CREAT); $FILE{error}{fn} = $opt{E};
$FILE{error}{fd}->blocking(0); $FILE{error}{fd} = new FileHandle($opt{E}, O_RDWR|O_CREAT) or die "$!\n";
$FILE{error}{fd}->sysseek(0, 2); $FILE{error}{fd}->blocking(0);
$FILE{error}{buf} = ""; $FILE{error}{fd}->sysseek(0, 2);
$FILE{error}{buf} = "";
};
if ($@) {
msg("Warning: Failed to open file \"$opt{E}\": $@");
return undef;
}
# Audit # Audit
$FILE{audit}{fn} = $opt{A}; eval {
$FILE{audit}{fd} = new FileHandle($opt{A}, O_RDWR|O_CREAT); $FILE{audit}{fn} = $opt{A};
$FILE{audit}{fd}->blocking(0); $FILE{audit}{fd} = new FileHandle($opt{A}, O_RDWR|O_CREAT) or die "$!\n";
$FILE{audit}{fd}->sysseek(0, 2); $FILE{audit}{fd}->blocking(0);
$FILE{audit}{buf} = ""; $FILE{audit}{fd}->sysseek(0, 2);
$FILE{audit}{buf} = "";
};
if ($@) {
msg("Warning: Failed to open file \"$opt{A}\": $@");
return undef;
}
# Debug # Debug
$FILE{debug}{fn} = $opt{D}; eval {
$FILE{debug}{fd} = new FileHandle($opt{D}, O_RDWR|O_CREAT); $FILE{debug}{fn} = $opt{D};
$FILE{debug}{fd}->blocking(0); $FILE{debug}{fd} = new FileHandle($opt{D}, O_RDWR|O_CREAT) or die "$!\n";
$FILE{debug}{fd}->sysseek(0, 2); $FILE{debug}{fd}->blocking(0);
$FILE{debug}{buf} = ""; $FILE{debug}{fd}->sysseek(0, 2);
$FILE{debug}{buf} = "";
};
if ($@) {
msg("Warning: Failed to open file \"$opt{D}\": $@");
return undef;
}
# Any extras listed in "match_log" # Any extras listed in "match_log"
if ($t and exists $t->{match_log}) { if ($t and exists $t->{match_log}) {
for my $k (keys %{ $t->{match_log} || {} }) { for my $k (keys %{ $t->{match_log} || {} }) {
my($neg,$fn) = ($k =~ m/^(-?)(.*)$/); my($neg,$fn) = ($k =~ m/^(-?)(.*)$/);
next if (!$fn or exists $FILE{$fn}); next if (!$fn or exists $FILE{$fn});
#dbg("Opening additional log: $fn"); eval {
$FILE{$fn}{fn} = $fn; $FILE{$fn}{fn} = $fn;
$FILE{$fn}{fd} = new FileHandle($fn, O_RDWR|O_CREAT); $FILE{$fn}{fd} = new FileHandle($fn, O_RDWR|O_CREAT) or die "$!\n";
$FILE{$fn}{fd}->blocking(0); $FILE{$fn}{fd}->blocking(0);
$FILE{$fn}{fd}->sysseek(0, 2); $FILE{$fn}{fd}->sysseek(0, 2);
$FILE{$fn}{buf} = ""; $FILE{$fn}{buf} = "";
};
if ($@) {
msg("Warning: Failed to open file \"$fn\": $@");
return undef;
}
} }
} }
} }