mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-30 03:34:29 +03:00
Some more updates for regression testing.
This commit is contained in:
brectanus
@@ -1,4 +1,6 @@
|
||||
### SecAudit* directive tests
|
||||
|
||||
# SecAuditEngine
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditEngine On",
|
||||
@@ -75,6 +77,84 @@
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecAuditLogType & SecAuditLogStorageDir
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogType Serial",
|
||||
conf => qq(
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecAuditLogType Serial
|
||||
),
|
||||
match_log => {
|
||||
audit => [ qr/./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^404$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/bogus",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogType Concurrent",
|
||||
conf => qq(
|
||||
SecAuditEngine On
|
||||
SecAuditLog $ENV{AUDIT_LOG}
|
||||
SecAuditLogType Concurrent
|
||||
SecAuditLogStorageDir "$ENV{LOGS_DIR}/audit"
|
||||
),
|
||||
test => sub {
|
||||
### Perl code to parse the audit log entry and verify
|
||||
### that the concurrent audit log exists and contains
|
||||
### the correct data.
|
||||
###
|
||||
### TODO: Need some API for this :)
|
||||
###
|
||||
|
||||
# Parse log
|
||||
my $alogre = qr/^(?:\S+)\ (?:\S+)\ (?:\S+)\ (?:\S+)\ \[(?:[^:]+):(?:\d+:\d+:\d+)\ (?:[^\]]+)\]\ \"(?:.*)\"\ (?:\d+)\ (?:\S+)\ \"(?:.*)\"\ \"(?:.*)\"\ (\S+)\ \"(?:.*)\"\ (\S+)\ (?:\d+)\ (?:\d+)\ (?:\S+)(?:.*)$/m;
|
||||
my $alog = match_log("audit", $alogre, 1);
|
||||
chomp $alog;
|
||||
my @log = ($alog =~ m/$alogre/);
|
||||
my($id, $fn) = ($log[0], $log[1]);
|
||||
if (!$id or !$fn) {
|
||||
dbg("LOG ENTRY: $alog");
|
||||
die "Failed to parse audit log: $ENV{AUDIT_LOG}\n";
|
||||
}
|
||||
|
||||
# Verify concurrent log exists
|
||||
my $alogdatafn = "$ENV{LOGS_DIR}/audit$fn";
|
||||
if (! -e "$alogdatafn") {
|
||||
die "Audit log does not exist: $alogdatafn\n";
|
||||
}
|
||||
|
||||
# Verify concurrent log contents
|
||||
$LOG{$id}{fd} = new FileHandle($alogdatafn, O_RDONLY);
|
||||
$LOG{$id}{fd}->blocking(0);
|
||||
$LOG{$id}{buf} = "";
|
||||
my $alogdata = match_log($id, qr/^--[^-]+-A--.*$id.*-Z--$/s, 1);
|
||||
if (defined $alogdata) {
|
||||
$LOG{$id}{fd}->close();
|
||||
delete $LOG{$id};
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Error
|
||||
dbg("LOGDATA: \"$alogdata\"");
|
||||
die "Audit log data did not match.\n";
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecAuditLogRelevantStatus
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogRelevantStatus (pos)",
|
||||
@@ -111,6 +191,8 @@
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecAuditLogParts
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecAuditLogParts (minimal)",
|
||||
|
||||
@@ -1 +1,49 @@
|
||||
### Misc directive tests
|
||||
|
||||
### TODO:
|
||||
# SecTmpDir
|
||||
# SecUploadDir
|
||||
# SecUploadKeepFiles
|
||||
# SecWebAppId
|
||||
# SecDataDir
|
||||
# SecChrootDir
|
||||
# SecGuardianLog
|
||||
|
||||
# SecServerSignature
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecServerSignature On",
|
||||
conf => qq(
|
||||
SecServerSignature "NewServerSignature"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/NewServerSignature/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
raw => qr/^Server: +NewServerSignature$/m,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecDefaultAction
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecServerSignature On",
|
||||
conf => qq(
|
||||
SecRuleEngine on
|
||||
SecDefaultAction "phase:1,deny,status:500"
|
||||
SecRule REQUEST_URI "test.txt"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
### Tests for directives altering how a request is handled
|
||||
|
||||
### SecArgumentSeparator
|
||||
# SecArgumentSeparator
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecArgumentSeparator (get-pos)",
|
||||
@@ -85,7 +86,7 @@
|
||||
),
|
||||
},
|
||||
|
||||
### SecRequestBodyAccess
|
||||
# SecRequestBodyAccess
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRequestBodyAccess (pos)",
|
||||
@@ -133,7 +134,7 @@
|
||||
),
|
||||
},
|
||||
|
||||
### SecRequestBodyLimit
|
||||
# SecRequestBodyLimit
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRequestBodyLimit (equal)",
|
||||
@@ -179,7 +180,7 @@
|
||||
),
|
||||
},
|
||||
|
||||
### SecRequestBodyInMemoryLimit
|
||||
# SecRequestBodyInMemoryLimit
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRequestBodyInMemoryLimit (equal)",
|
||||
@@ -249,7 +250,7 @@ Content-Disposition: form-data; name="b"
|
||||
-----------------------------69343412719991675451336310646--), 1024),
|
||||
},
|
||||
|
||||
### SecCookieFormat
|
||||
# SecCookieFormat
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecCookieFormat (pos)",
|
||||
|
||||
145
apache2/t/regression/config/10-response-directives.t
Normal file
145
apache2/t/regression/config/10-response-directives.t
Normal file
@@ -0,0 +1,145 @@
|
||||
### Tests for directives altering how a response is handled
|
||||
|
||||
# SecResponseBodyAccess
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyAccess (pos)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecRule RESPONSE_BODY "TEST" "phase:4,deny"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Access denied with code 403 \(phase 4\)\. Pattern match "TEST" at RESPONSE_BODY\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^403$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyAccess (neg)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess Off
|
||||
SecResponseBodyMimeType null
|
||||
SecRule RESPONSE_BODY "TEST" "phase:4,deny"
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecResponseBodyLimit
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyLimit (equal)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecResponseBodyLimit 8192
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyLimit (less)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecResponseBodyLimit 9000
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyLimit (greater)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecResponseBodyLimit 8000
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Content-Length \(\d+\) over the limit \(8000\)\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# ResponseBodyLimitAction
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyLimitAction Reject",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecResponseBodyLimit 5
|
||||
SecResponseBodyLimitAction Reject
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/Content-Length \(\d+\) over the limit \(5\)\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecResponseBodyLimitAction ProcessPartial",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecResponseBodyAccess On
|
||||
SecResponseBodyMimeType null
|
||||
SecResponseBodyLimit 5
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 4
|
||||
SecResponseBodyLimitAction ProcessPartial
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Content-Length \(\d+\) over the limit/, 1 ],
|
||||
debug => [ qr/Processing partial response body \(limit 5\)/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/8k.txt",
|
||||
),
|
||||
},
|
||||
Reference in New Issue
Block a user