More regression updates.

2025-09-29 19:24:29 +03:00 · 2008-05-23 19:25:03 +00:00
parent 59629a6aff
commit 49e63a3e30
10 changed files with 568 additions and 5 deletions
--- a/apache2/t/regression/config/00-audit-directives.t
+++ b/apache2/t/regression/config/00-audit-directives.t
@@ -0,0 +1,188 @@
+### SecAudit* directive tests
+{
+	type => "config",
+	comment => "SecAuditEngine On",
+	conf => qq(
+		SecAuditEngine On
+		SecAuditLog $ENV{AUDIT_LOG}
+	),
+	match_log => {
+		audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditEngine Off",
+	conf => qq(
+		SecAuditEngine Off
+		SecAuditLog $ENV{AUDIT_LOG}
+	),
+	match_log => {
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditEngine RelevantOnly (pos)",
+	conf => qq(
+		SecRuleEngine On
+		SecAuditEngine RelevantOnly
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecResponseBodyAccess On
+		SecDefaultAction "phase:2,log,auditlog,pass"
+		SecRule REQUEST_URI "." "phase:4,deny"
+	),
+	match_log => {
+		audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditEngine RelevantOnly (neg)",
+	conf => qq(
+		SecAuditEngine RelevantOnly
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecResponseBodyAccess On
+		SecDefaultAction "phase:2,log,auditlog,pass"
+	),
+	match_log => {
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditLogRelevantStatus (pos)",
+	conf => qq(
+		SecAuditEngine RelevantOnly
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecAuditLogRelevantStatus "^4"
+	),
+	match_log => {
+		audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^404$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/bogus",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditLogRelevantStatus (neg)",
+	conf => qq(
+		SecAuditEngine RelevantOnly
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecAuditLogRelevantStatus "^4"
+	),
+	match_log => {
+		-audit => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditLogParts (minimal)",
+	conf => qq(
+		SecAuditEngine On
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecAuditLogParts "AZ"
+	),
+	match_log => {
+		audit => [ qr/-A--.*-Z--/s, 1 ],
+		-audit => [ qr/-[B-Y]--/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1r&=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditLogParts (default)",
+	conf => qq(
+		SecAuditEngine On
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+	),
+	match_log => {
+		audit => [ qr/-A--.*-B--.*-F--.*-H--.*-Z--/s, 1 ],
+		-audit => [ qr/-[DEGIJK]--/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1r&=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecAuditLogParts (all)",
+	conf => qq(
+		SecRuleEngine On
+		SecAuditEngine On
+		SecAuditLog $ENV{AUDIT_LOG}
+		SecRequestBodyAccess On
+		SecResponseBodyAccess On
+		SecAuditLogParts "ABCDEFGHIJKZ"
+		SecAction "phase:4,log,auditlog,allow"
+	),
+	match_log => {
+		audit => [ qr/-A--.*-B--.*-C--.*-F--.*-E--.*-H--.*-K--.*-Z--/s, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1r&=2",
+	),
+},
--- a/apache2/t/regression/config/00-debug-directives.t
+++ b/apache2/t/regression/config/00-debug-directives.t
@@ -0,0 +1,278 @@
+### SecDebug* directive tests
+{
+	type => "config",
+	comment => "SecDebugLog (pos)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+	),
+	match_log => {
+		debug => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLog (neg)",
+	conf => qq(
+		SecRuleEngine On
+	),
+	match_log => {
+		-debug => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 0",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 0
+		SecRule REQUEST_URI "." "phase:1,deny"
+	),
+	match_log => {
+		-debug => [ qr/./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 1",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 1
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[[1]\] /, 1 ],
+		-debug => [ qr/\]\[[2-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 2",
+	conf => qq(
+		SecRuleEngine DetectionOnly
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 2
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[2\] /, 1 ],
+		-debug => [ qr/\]\[[3-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 3",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 3
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[3\] /, 1 ],
+		-debug => [ qr/\]\[[4-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 4",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 4
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[4\] /, 1 ],
+		-debug => [ qr/\]\[[5-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 5",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 5
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[5\] /, 1 ],
+		-debug => [ qr/\]\[[6-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 6",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 6
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[6\] /, 1 ],
+		-debug => [ qr/\]\[[7-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 7",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 7
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[7\] /, 1 ],
+		-debug => [ qr/\]\[[8-9]\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 8",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 8
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[8\] /, 1 ],
+		-debug => [ qr/\]\[9\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecDebugLogLevel 9",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRuleScript "test.lua" "phase:1"
+		SecRule REQUEST_URI "(.)" "phase:4,deny,deprecatevar:bogus"
+	),
+	match_log => {
+		debug => [ qr/\]\[9\] /, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},