github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add test cases for m.setvar in Lua scripts

Browse Source
This commit is contained in:
Victor Hora 2018-09-19 19:47:05 -04:00
parent 6f458b5203
commit 5aa79c17f2
3 changed files with 265 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -131,6 +131,7 @@ TESTS+=test/test-cases/regression/variable-ARGS.json
TESTS+=test/test-cases/regression/variable-ARGS_POST_NAMES.json TESTS+=test/test-cases/regression/variable-ARGS_POST_NAMES.json
TESTS+=test/test-cases/regression/config-remove_by_tag.json TESTS+=test/test-cases/regression/config-remove_by_tag.json
TESTS+=test/test-cases/regression/collection-regular_expression_selection.json TESTS+=test/test-cases/regression/collection-regular_expression_selection.json
TESTS+=test/test-cases/regression/collection-lua.json
TESTS+=test/test-cases/regression/issue-960.json TESTS+=test/test-cases/regression/issue-960.json
TESTS+=test/test-cases/regression/variable-WEBAPPID.json TESTS+=test/test-cases/regression/variable-WEBAPPID.json
TESTS+=test/test-cases/regression/variable-ARGS_GET_NAMES.json TESTS+=test/test-cases/regression/variable-ARGS_GET_NAMES.json

10
test/test-cases/data/setvar.lua Normal file
View File

@ -0,0 +1,10 @@
function main()
var = 2;
m.setvar("TX.lua_set_var", var);
m.setvar("IP.lua_set_var", var);
m.setvar("GLOBAL.lua_set_var", var);
m.setvar("RESOURCE.lua_set_var", var);
m.setvar("SESSION.lua_set_var", var);
m.setvar("USER.lua_set_var", var);
return nil;
end

254
test/test-cases/regression/collection-lua.json Normal file
View File

@ -0,0 +1,254 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set TX (1/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: TX.lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:TX.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule TX.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set IP (2/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: IP:::::lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:IP.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule IP.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set GLOBAL (3/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: GLOBAL:::::lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:GLOBAL.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule GLOBAL.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set RESOURCE (4/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: RESOURCE:::::lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:RESOURCE.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule RESOURCE.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set SESSION (5/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: SESSION:::::lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:SESSION.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule SESSION.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Testing LUA :: m.set USER (6/6)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"My sweet little browser",
"Accept":"*/*",
"Content-Length": "0"
},
"uri":"/whee?res=1",
"method":"GET",
"body": [ ]
},
"response":{
"headers":{},
"body":[
"no need."
]
},
"expected":{
"audit_log":"",
"debug_log":"Target value: \"2\" \\(Variable: USER:::::lua_set_var\\)",
"error_log":""
},
"rules":[
"SecRuleEngine On",
"SecAction \"id:1,pass,setvar:USER.lua_set_var=1\"",
"SecRuleScript test-cases/data/setvar.lua \"id:2,pass\"",
"SecRule USER.lua_set_var \"@contains 2\" \"id:3,t:none\""
]
}
]