Add/update regression tests.

2025-09-30 03:34:29 +03:00 · 2008-05-23 16:30:18 +00:00
parent 29cd97b24c
commit 59629a6aff
3 changed files with 280 additions and 56 deletions
--- a/apache2/t/regression/action/00-disruptive-actions.t
+++ b/apache2/t/regression/action/00-disruptive-actions.t
@@ -1,6 +1,6 @@
 ### Pass
 {
-	type => "rule",
+	type => "action",
 	comment => "pass action in phase:1",
 	conf => qq(
 		SecRuleEngine On
@@ -18,7 +18,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "pass action in phase:2",
 	conf => qq(
 		SecRuleEngine On
@@ -36,7 +36,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "pass action in phase:3",
 	conf => qq(
 		SecRuleEngine On
@@ -54,7 +54,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "pass action in phase:4",
 	conf => qq(
 		SecRuleEngine On
@@ -74,7 +74,7 @@

 ### Allow
 {
-	type => "rule",
+	type => "action",
 	comment => "allow action in phase:1",
 	conf => qq(
 		SecRuleEngine On
@@ -92,7 +92,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "allow action in phase:2",
 	conf => qq(
 		SecRuleEngine On
@@ -110,7 +110,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "allow action in phase:3",
 	conf => qq(
 		SecRuleEngine On
@@ -128,7 +128,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "allow action in phase:4",
 	conf => qq(
 		SecRuleEngine On
@@ -148,7 +148,7 @@

 ### Deny
 {
-	type => "rule",
+	type => "action",
 	comment => "deny action in phase:1",
 	conf => qq(
 		SecRuleEngine On
@@ -165,7 +165,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "deny action in phase:2",
 	conf => qq(
 		SecRuleEngine On
@@ -182,7 +182,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "deny action in phase:3",
 	conf => qq(
 		SecRuleEngine On
@@ -199,7 +199,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "deny action in phase:4",
 	conf => qq(
 		SecRuleEngine On
@@ -218,7 +218,7 @@

 ### Drop
 {
-	type => "rule",
+	type => "action",
 	comment => "drop action in phase:1",
 	conf => qq(
 		SecRuleEngine On
@@ -235,7 +235,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "drop action in phase:2",
 	conf => qq(
 		SecRuleEngine On
@@ -252,7 +252,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "drop action in phase:3",
 	conf => qq(
 		SecRuleEngine On
@@ -269,7 +269,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "drop action in phase:4",
 	conf => qq(
 		SecRuleEngine On
@@ -288,7 +288,7 @@

 ### Redirect
 {
-	type => "rule",
+	type => "action",
 	comment => "redirect action in phase:1 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -305,7 +305,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "redirect action in phase:2 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -322,7 +322,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "redirect action in phase:3 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -339,7 +339,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "redirect action in phase:4 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -358,7 +358,7 @@

 ### Proxy
 {
-	type => "rule",
+	type => "action",
 	comment => "proxy action in phase:1 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -375,7 +375,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "proxy action in phase:2 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -392,7 +392,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "proxy action in phase:3 (get)",
 	conf => qq(
 		SecRuleEngine On
@@ -409,7 +409,7 @@
 	),
 },
 {
-	type => "rule",
+	type => "action",
 	comment => "proxy action in phase:4 (get)",
 	conf => qq(
 		SecRuleEngine On
--- a/apache2/t/regression/config/10-request-directives.t
+++ b/apache2/t/regression/config/10-request-directives.t
@@ -10,7 +10,7 @@
 		SecRule ARGS:b "@streq 2"
 	),
 	match_log => {
-		error => [ qr/Access denied with code 403 \(phase 1\). String match "2" at ARGS:b./, 1 ],
+		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "2" at ARGS:b\./, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,
@@ -48,7 +48,7 @@
 		SecRule ARGS:b "@streq 2"
 	),
 	match_log => {
-		error => [ qr/Access denied with code 403 \(phase 2\). String match "2" at ARGS:b./, 1 ],
+		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,
@@ -91,17 +91,12 @@
 	comment => "SecRequestBodyAccess (pos)",
 	conf => qq(
 		SecRuleEngine On
-		SecAuditEngine On
-		SecAuditLogParts ABCDEFGHIJKZ
-		SecDebugLog $ENV{DEBUG_LOG}
-		SecDebugLogLevel 9
-		SecAuditLog $ENV{AUDIT_LOG}
 		SecRequestBodyAccess On
 		SecRule ARGS:a "\@streq 1" "phase:2,deny,chain"
 		SecRule ARGS:b "\@streq 2"
 	),
 	match_log => {
-		error => [ qr/Access denied with code 403 \(phase 2\). String match "2" at ARGS:b./, 1 ],
+		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,
@@ -119,11 +114,6 @@
 	comment => "SecRequestBodyAccess (neg)",
 	conf => qq(
 		SecRuleEngine On
-		SecAuditEngine On
-		SecAuditLogParts ABCDEFGHIJKZ
-		SecDebugLog $ENV{DEBUG_LOG}
-		SecDebugLogLevel 9
-		SecAuditLog $ENV{AUDIT_LOG}
 		SecRequestBodyAccess Off
 		SecRule ARGS:a "\@streq 1" "phase:2,deny"
 		SecRule ARGS:b "\@streq 2" "phase:2,deny"
@@ -142,3 +132,176 @@
 		"a=1&b=2",
 	),
 },
+
+### SecRequestBodyLimit
+{
+	type => "config",
+	comment => "SecRequestBodyLimit (equal)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecRequestBodyLimit 7
+	),
+	match_log => {
+		-error => [ qr/Request body is larger than the configured limit/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+{
+	type => "config",
+	comment => "SecRequestBodyLimit (greater)",
+	conf => qq(
+		SecRuleEngine On
+		SecRequestBodyAccess On
+		SecRequestBodyLimit 5
+	),
+	match_log => {
+		error => [ qr/Request body is larger than the configured limit \(5\)\./, 1 ],
+	},
+	match_response => {
+		status => qr/^413$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/x-www-form-urlencoded",
+		],
+		"a=1&b=2",
+	),
+},
+
+### SecRequestBodyInMemoryLimit
+{
+	type => "config",
+	comment => "SecRequestBodyInMemoryLimit (equal)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecRequestBodyLimit 1000
+		SecRequestBodyInMemoryLimit 266
+	),
+	match_log => {
+		-debug => [ qr/Input filter: Request too large to store in memory, switching to disk\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => qq(
+		POST /test.txt HTTP/1.1
+		Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
+		User-Agent: $ENV{USER_AGENT}
+		Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
+		Transfer-Encoding: chunked
+
+	) . encode_chunked(q(-----------------------------69343412719991675451336310646
+Content-Disposition: form-data; name="a"
+
+1
+-----------------------------69343412719991675451336310646
+Content-Disposition: form-data; name="b"
+
+2
+-----------------------------69343412719991675451336310646--), 1024),
+},
+{
+	type => "config",
+	comment => "SecRequestBodyInMemoryLimit (greater)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecRequestBodyLimit 1000
+		SecRequestBodyInMemoryLimit 16
+	),
+	match_log => {
+		debug => [ qr/Input filter: Request too large to store in memory, switching to disk\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => qq(
+		POST /test.txt HTTP/1.1
+		Host: $ENV{SERVER_NAME}:$ENV{SERVER_PORT}
+		User-Agent: $ENV{USER_AGENT}
+		Content-Type: multipart/form-data; boundary=---------------------------69343412719991675451336310646
+		Transfer-Encoding: chunked
+
+	) . encode_chunked(q(-----------------------------69343412719991675451336310646
+Content-Disposition: form-data; name="a"
+
+1
+-----------------------------69343412719991675451336310646
+Content-Disposition: form-data; name="b"
+
+2
+-----------------------------69343412719991675451336310646--), 1024),
+},
+
+### SecCookieFormat
+{
+	type => "config",
+	comment => "SecCookieFormat (pos)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 5
+		SecCookieFormat 1
+		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain"
+		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+	),
+	match_log => {
+		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
+		debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+		],
+		undef,
+	),
+},
+{
+	type => "config",
+	comment => "SecCookieFormat (neg)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 5
+		SecCookieFormat 0
+		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain"
+		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
+	),
+	match_log => {
+		-error => [ qr/Access denied/, 1 ],
+		-debug => [ qr(Adding request cookie: name "\$SESSIONID_PATH", value "/"), 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Cookie" => q($Version="1"; SESSIONID="cookieval"; $PATH="/"),
+		],
+		undef,
+	),
+},
+