Adds support to config warnings

2025-11-17 01:51:52 +03:00 · 2020-12-22 18:20:46 -03:00
parent bf87f11036
commit 62d35fbf97
17 changed files with 1197 additions and 939 deletions
--- a/test/regression/regression.cc
+++ b/test/regression/regression.cc
@@ -157,7 +157,7 @@ modsecurity::ModSecurity *setupModSec() {
 }


-modsecurity::RulesSet *setupModSecRules(RegressionTestResult *r) {
+modsecurity::RulesSet *setupModSecRules(RegressionTestResult *r, std::string &warning) {
    CustomDebugLog *debug_log = new CustomDebugLog();
    auto rules = new modsecurity::RulesSet(debug_log);
    rules->load("SecDebugLogLevel 9");
@@ -165,8 +165,11 @@ modsecurity::RulesSet *setupModSecRules(RegressionTestResult *r) {

    if (rules->load(r->getRules().c_str(), r->getFileName()) >= 0 &&
        r->getExpectedParserError().empty()) {
+        warning.assign(rules->getParserWarnings());
        return rules;
    }
+    warning.assign(rules->getParserWarnings());
+

    if (!r->getExpectedParserError().empty()) {
        Regex re(r->getExpectedParserError());
@@ -287,6 +290,7 @@ void processLogs(RegressionTest *t,
    const std::string &serverLog,
    const std::string &audit_log,
    const std::string &debug_log,
+    const std::string &parser_warning,
    int status_code) {


@@ -318,6 +322,13 @@ void processLogs(RegressionTest *t,
        reason << KWHT << "Expecting: " << RESET \
            << t->audit_log + "";
        testRes->failed(reason.str());
+    } else if (!contains(parser_warning, t->parser_warn)) {
+        std::stringstream reason;
+        reason << "Parser warning was not matching the " \
+            << "expected results." << std::endl;
+        reason << KWHT << "Expecting: " << RESET \
+            << t->parser_warn + "";
+        testRes->failed(reason.str());
    } else {
        testRes->passed();
        return;
@@ -331,6 +342,8 @@ void processLogs(RegressionTest *t,
        testRes->reason << serverLog << std::endl;
        testRes->reason << KWHT << "Audit log:" << RESET << std::endl;
        testRes->reason << audit_log << std::endl;
+        testRes->reason << KWHT << "Parser warning:" << RESET << std::endl;
+        testRes->reason << parser_warning << std::endl;
    }
 }

@@ -346,6 +359,7 @@ RegressionTestResult *perform_regression_test(
    std::string error_log;
    std::string audit_log;
    std::string debug_log;
+    std::string parser_warning;
    int status_code = 200;

    if (t->enabled == 0) {
@@ -363,7 +377,7 @@ RegressionTestResult *perform_regression_test(
        goto ret;
    }

-    modsec_rules = setupModSecRules(testRes);
+    modsec_rules = setupModSecRules(testRes, parser_warning);
    if (modsec_rules == nullptr) {
        goto ret;
    }
@@ -381,6 +395,7 @@ RegressionTestResult *perform_regression_test(
      error_log,
      audit_log,
      debug_log,
+      parser_warning,
      status_code);

 ret:
--- a/test/regression/regression_test.cc
+++ b/test/regression/regression_test.cc
@@ -197,6 +197,9 @@ RegressionTest *RegressionTest::from_yajl_node(const yajl_val &node) {
                if (strcmp(key2, "parser_error") == 0) {
                    u->parser_error = YAJL_GET_STRING(val2);
                }
+                if (strcmp(key2, "parser_warn") == 0) {
+                    u->parser_warn = YAJL_GET_STRING(val2);
+                }
            }
        }
        if (strcmp(key, "rules") == 0) {
--- a/test/regression/regression_test.h
+++ b/test/regression/regression_test.h
@@ -58,6 +58,7 @@ class RegressionTest {
    std::string debug_log;
    std::string error_log;
    std::string parser_error;
+    std::string parser_warn;

    std::string clientIp;
    std::string serverIp;
--- a/test/test-cases/regression/config-warning.json
+++ b/test/test-cases/regression/config-warning.json
@@ -0,0 +1,63 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing parser warning (1/n)",
+    "expected":{
+      "parser_warn": "Action ctl:forceRequestBodyVariable is not supported in version 3"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":12300
+    },
+    "request":{
+      "headers":{
+        "Host":"a.b.com",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/path1",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5,ctl:forceRequestBodyVariable=Off\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing parser warning (2/n)",
+    "expected":{
+      "parser_warn": "config-warning.json. Line: 2. Column: 58. Action ctl:forceRequestBodyVariable is not supported in version 3."
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":12300
+    },
+    "request":{
+      "headers":{
+        "Host":"a.b.com",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/path1",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5,ctl:forceRequestBodyVariable=Off\"",
+      "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:7,ctl:forceRequestBodyVariable=On\""
+    ]
+  }
+]