actions: Removes Rule parameter from runtime execute

General organization of the Action class
Felipe Zimmerle
2020-05-18 21:33:03 -03:00
parent a8d34873c8
commit 3832042531
191 changed files with 3156 additions and 2779 deletions


@@ -27,7 +27,7 @@
},
"rules":[
"SecRuleEngine On",
"SecDefaultAction \"phase:1,log,block,status:404\"",
"SecDefaultAction \"phase:1,log,status:404\"",
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\""
]
},
@@ -59,7 +59,7 @@
},
"rules":[
"SecRuleEngine On",
"SecDefaultAction \"phase:1,log,block,deny,status:400\"",
"SecDefaultAction \"phase:1,log,deny,status:400\"",
"SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\""
]
}
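Review bot: In the first hunk the new `SecDefaultAction "phase:1,log,status:404"` carries no disruptive action, so the `block` on rule id:5 has nothing explicit to resolve to, whereas the second hunk's default still keeps `deny`. The `expected` objects of both cases lie outside the hunks, so it cannot be confirmed from here that the first case still asserts an interception rather than a pass-through. If the intent is that `block` is no longer accepted inside SecDefaultAction, a companion case expecting a `parser_error` for the old directive would pin that, in the style of the existing `t:none` case. This reading assumes the second line of each printed pair is the new side.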


@@ -36,7 +36,7 @@
]
},
"expected":{
"debug_log": "t:base64encode: \"dmFsdWUyCg==\""
"debug_log": "t:base64Encode: \"dmFsdWUyCg==\""
},
"rules":[
"SecRuleEngine On",
@@ -80,7 +80,7 @@
]
},
"expected":{
"debug_log": "t:base64decode: \"value2\""
"debug_log": "t:base64Decode: \"value2\""
},
"rules":[
"SecRuleEngine On",


@@ -0,0 +1,240 @@
[
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "ctl:auditlogparts : +E",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "",
"debug_log": "Request was relevant to be saved. Parts: 34",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts A",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Parallel",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
"SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:2,t:trim,deny,auditlog\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "ctl:auditlogparts : +E-E",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "",
"debug_log": "Request was relevant to be saved. Parts: 2",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts A",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Parallel",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
"SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"",
"SecRule ARGS \"@contains test\" \"id:3,t:trim,deny,auditlog\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "ctl:auditlogparts : +E-E+E",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "",
"debug_log": "Request was relevant to be saved. Parts: 34",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts A",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Parallel",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
"SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"",
"SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:4,t:trim,deny,auditlog\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "ctl:auditlogparts : +E-E+E+H",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "",
"debug_log": "Request was relevant to be saved. Parts: 290",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts A",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Parallel",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
"SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"",
"SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"",
"SecRule ARGS \"@contains test\" \"id:4,t:trim,ctl:auditlogparts=+H\"",
"SecRule ARGS \"@contains test\" \"id:5,t:trim,deny,auditlog\""
]
}
]
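Review bot: All four cases assert only the numeric mask in `debug_log` (`Parts: 34`, `Parts: 2`, `Parts: 290`) and leave `audit_log` empty, so a regression where the mask is computed correctly but the written audit record still includes or omits part E would pass. If the harness can read the parallel log back, add an `audit_log` expectation to at least the `+E` and `+E-E` cases. The mask values are unexplained; going by the three results they decompose as A=2, E=32, H=256, and since JSON has no comments the title is the place to say so, e.g. `"title": "ctl:auditlogparts : +E (A+E = 34)"`. `SecAuditLogDirMode 0766` makes the storage directories under `/tmp/test` group- and world-writable; if the cases do not depend on that value, a mode such as `0750` avoids modelling a permissive audit-log layout.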


@@ -48,12 +48,12 @@
},
"expected":{
"audit_log":"",
"debug_log":"T \\(0\\) t:lowercase: \"test2\"",
"debug_log":"T \\(0\\) t:lowerCase: \"test2\"",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowercase,block,status:404\""
"SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowerCase,block,status:404\""
]
},
{
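Review bot: The rule here is converted from `t:lowercase` to `t:lowerCase` together with the expected log token, and the same conversion recurs in the later sections (`debug_log`, `error_log`, `SecDefaultAction`), so no visible case with a log assertion still loads the all-lowercase spelling that deployed rule sets commonly use. If transformation names remain case-insensitive at parse time, keep the rule's original `t:lowercase` spelling in one case while expecting `t:lowerCase` in `debug_log`. A transformation that silently stopped being recognised would leave the operator matching un-normalized input, and the new SecRuleUpdateActionById case that still writes `t:lowercase` checks only the status code. The test object starts and ends outside this hunk.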


@@ -48,14 +48,14 @@
},
"expected":{
"audit_log":"",
"debug_log":"lowercase: \"300\"",
"debug_log":"lowerCase: \"300\"",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecDefaultAction \"phase:2,t:lowercase,pass\"",
"SecDefaultAction \"phase:2,t:lowerCase,pass\"",
"SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"",
"SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\""
"SecRule TX \"@contains to_test\" \"id:2,t:lowerCase,t:none\""
]
},
{
@@ -123,7 +123,7 @@
"version_max":0,
"title":"Testing action :: SecDefaultAction: t:none",
"expected":{
"parser_error":"The transformation none is not suitable to be part of the SecDefaultActions"
"parser_error":"The action 't:none' is not suitable to be part of the SecDefaultActions"
},
"rules":[
"SecRuleEngine On",


@@ -267,6 +267,50 @@
"SecRuleUpdateActionById 200004 \"redirect:'https://%{request_headers.host}/'\"",
"SecRule ARGS \"@contains value1\" \"phase:3,id:200004,block,deny\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"SecRuleUpdateActionById (7/n)",
"issue":"2376",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"330",
"Content-Type":"application/lhebs",
"Expect":"100-continue"
},
"uri":"/a=urlencoded?param1=value1",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"http_code": 403
},
"rules":[
"SecRuleEngine On",
"SecRuleUpdateActionById 200004 \"t:none,t:lowercase\"",
"SecRule ARGS \"@contains value1\" \"phase:3,id:200004,deny,status:403\""
]
}
]
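Review bot: The new case asserts only `"http_code": 403`, which the rule's own `deny,status:403` produces whether or not `SecRuleUpdateActionById 200004 "t:none,t:lowercase"` is applied, because `param1=value1` is already lowercase. If the case is meant to show the transformation update taking effect (issue 2376 is not described on this page, so this is a guess), send a mixed-case value such as `param1=VALUE1` or add a `debug_log` expectation for the transformation, so that a silently dropped update fails the test. The object also omits `version_max`, which the ctl:auditlogparts cases added in this commit set to `0`.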


@@ -31,10 +31,10 @@
]
},
"expected":{
"debug_log":"t:lowercase:"
"debug_log":"t:lowerCase:"
},
"rules":[
"SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\""
"SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\""
]
},
{
@@ -69,10 +69,10 @@
]
},
"expected":{
"debug_log":"t:lowercase:"
"debug_log":"t:lowerCase:"
},
"rules":[
"SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\""
"SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\""
]
}
]


@@ -831,13 +831,13 @@
]
},
"expected":{
"error_log":"o0,4v64,13t:lowercase",
"error_log":"o0,4v64,13t:lowerCase",
"http_code": 403
},
"rules":[
"SecRequestBodyAccess On",
"SecRuleEngine On",
"SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
"SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\""
]
},
{
@@ -865,13 +865,13 @@
]
},
"expected":{
"error_log":"o1,2v216,3t:lowercase",
"error_log":"o1,2v216,3t:lowerCase",
"http_code":403
},
"rules":[
"SecRequestBodyAccess On",
"SecRuleEngine On",
"SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
"SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\""
]
},
{
@@ -899,13 +899,13 @@
]
},
"expected":{
"error_log":"o0,1v223,1t:lowercase",
"error_log":"o0,1v223,1t:lowerCase",
"http_code":403
},
"rules":[
"SecRequestBodyAccess On",
"SecRuleEngine On",
"SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
"SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\""
]
},
{
@@ -933,13 +933,13 @@
]
},
"expected":{
"error_log":"o0,1v228,1t:lowercase",
"error_log":"o0,1v228,1t:lowerCase",
"http_code": 403
},
"rules":[
"SecRequestBodyAccess On",
"SecRuleEngine On",
"SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\""
"SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\""
]
},
{


@@ -0,0 +1,38 @@
"enabled":1,
"version_min":300000,
"title":"Testing allow action (1/3)",
"expected":{
"debug_log": "Skipped rule id 'action-allow.json:3' as request trough the utilization of an `allow' action",
"http_code": 200
},
"client":{
"ip":"200.249.12.31",
"port":123
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"User-Agent":"My sweet little browser",
"Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"rules":[
"SecRuleEngine On",
"SecAction \"phase:1,allow,msg:'ALLOWED',id:500065\"",
"SecAction \"phase:1,deny,msg:'DENIED',id:500066\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing allow action (2/3)",
"expected":{
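Review bot: The request `headers` object declares `"User-Agent"` twice (`curl/7.38.0` and `My sweet little browser`); JSON parsers typically keep only the last occurrence, so the first value is silently dropped and the fixture depends on parser behaviour. Keep a single entry, e.g. delete `"User-Agent":"curl/7.38.0",`. The visible lines start inside the first test object and stop at the opening of the second case's `expected`, so the remaining cases could not be reviewed.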


@@ -107,12 +107,12 @@
},
"expected": {
"audit_log": "",
"debug_log": "lowercase: \"test",
"debug_log": "lowerCase: \"test",
"error_log": ""
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowercase\""
"SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowerCase\""
]
},
{