Some more updates/tweaks to the regression suite.

Allow the ability to "make test-regression".

apache2/Makefile.in

@@ -127,4 +127,7 @@ test: t/run-unit-tests.pl msc_test
 	@rm -f msc-test-debug.log; \
 	$(PERL) t/run-unit-tests.pl
 
-.PHONY: all install clean-extras clean maintainer-clean distclean install-mods test
+test-regression: t/run-regression-tests.pl
+	@$(PERL) t/run-regression-tests.pl
+
+.PHONY: all install clean-extras clean maintainer-clean distclean install-mods test test-regression

apache2/configure

@@ -671,6 +671,14 @@ PERL
 GREP
 EGREP
 LIBOBJS
+MSC_BASE_DIR
+MSC_PKGBASE_DIR
+MSC_TEST_DIR
+MSC_REGRESSION_DIR
+MSC_REGRESSION_SERVERROOT_DIR
+MSC_REGRESSION_CONF_DIR
+MSC_REGRESSION_LOGS_DIR
+MSC_REGRESSION_DOCROOT_DIR
 EXTRA_CFLAGS
 MODSEC_EXTRA_CFLAGS
 APXS
@@ -4988,6 +4996,25 @@ fi
 done
 
 
+# Some directories
+MSC_BASE_DIR=`pwd`
+MSC_PKGBASE_DIR="$MSC_BASE_DIR/.."
+MSC_TEST_DIR="$MSC_BASE_DIR/t"
+MSC_REGRESSION_DIR="$MSC_TEST_DIR/regression"
+MSC_REGRESSION_SERVERROOT_DIR="$MSC_REGRESSION_DIR/server_root"
+MSC_REGRESSION_CONF_DIR="$MSC_REGRESSION_SERVERROOT_DIR/conf"
+MSC_REGRESSION_LOGS_DIR="$MSC_REGRESSION_SERVERROOT_DIR/logs"
+MSC_REGRESSION_DOCROOT_DIR="$MSC_REGRESSION_SERVERROOT_DIR/htdocs"
+
+
+
+
+
+
+
+
+
+
 # Find apxs
 { echo "$as_me:$LINENO: looking for Apache module support via DSO through APXS" >&5
 echo "$as_me: looking for Apache module support via DSO through APXS" >&6;}
@@ -5752,6 +5779,8 @@ if test -e "$PERL"; then
 
     ac_config_files="$ac_config_files t/csv_rx-pm.pl"
 
+    ac_config_files="$ac_config_files t/regression/server_root/conf/httpd.conf"
+
 
     # Perl based tools
     ac_config_files="$ac_config_files ../tools/rules-updater.pl"
@@ -6322,6 +6351,7 @@ do
     "t/run-regression-tests.pl") CONFIG_FILES="$CONFIG_FILES t/run-regression-tests.pl" ;;
     "t/gen_rx-pm.pl") CONFIG_FILES="$CONFIG_FILES t/gen_rx-pm.pl" ;;
     "t/csv_rx-pm.pl") CONFIG_FILES="$CONFIG_FILES t/csv_rx-pm.pl" ;;
+    "t/regression/server_root/conf/httpd.conf") CONFIG_FILES="$CONFIG_FILES t/regression/server_root/conf/httpd.conf" ;;
     "../tools/rules-updater.pl") CONFIG_FILES="$CONFIG_FILES ../tools/rules-updater.pl" ;;
     "mlogc-src/Makefile") CONFIG_FILES="$CONFIG_FILES mlogc-src/Makefile" ;;
 
@@ -6443,6 +6473,14 @@ PERL!$PERL$ac_delim
 GREP!$GREP$ac_delim
 EGREP!$EGREP$ac_delim
 LIBOBJS!$LIBOBJS$ac_delim
+MSC_BASE_DIR!$MSC_BASE_DIR$ac_delim
+MSC_PKGBASE_DIR!$MSC_PKGBASE_DIR$ac_delim
+MSC_TEST_DIR!$MSC_TEST_DIR$ac_delim
+MSC_REGRESSION_DIR!$MSC_REGRESSION_DIR$ac_delim
+MSC_REGRESSION_SERVERROOT_DIR!$MSC_REGRESSION_SERVERROOT_DIR$ac_delim
+MSC_REGRESSION_CONF_DIR!$MSC_REGRESSION_CONF_DIR$ac_delim
+MSC_REGRESSION_LOGS_DIR!$MSC_REGRESSION_LOGS_DIR$ac_delim
+MSC_REGRESSION_DOCROOT_DIR!$MSC_REGRESSION_DOCROOT_DIR$ac_delim
 EXTRA_CFLAGS!$EXTRA_CFLAGS$ac_delim
 MODSEC_EXTRA_CFLAGS!$MODSEC_EXTRA_CFLAGS$ac_delim
 APXS!$APXS$ac_delim
@@ -6474,13 +6512,9 @@ APU_LINK_LD!$APU_LINK_LD$ac_delim
 LIBXML_LIBS!$LIBXML_LIBS$ac_delim
 LIBXML_CFLAGS!$LIBXML_CFLAGS$ac_delim
 LUA_LIBS!$LUA_LIBS$ac_delim
-LUA_CFLAGS!$LUA_CFLAGS$ac_delim
-CURL_LIBS!$CURL_LIBS$ac_delim
-CURL_CFLAGS!$CURL_CFLAGS$ac_delim
-LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 93; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -6499,6 +6533,51 @@ fi
 
 cat >>$CONFIG_STATUS <<_ACEOF
 cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+_ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+CEOF$ac_eof
+_ACEOF
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+LUA_CFLAGS!$LUA_CFLAGS$ac_delim
+CURL_LIBS!$CURL_LIBS$ac_delim
+CURL_CFLAGS!$CURL_CFLAGS$ac_delim
+LTLIBOBJS!$LTLIBOBJS$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 4; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
 /@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
 _ACEOF
 sed '
@@ -6761,7 +6840,7 @@ s&@abs_builddir@&$ac_abs_builddir&;t t
 s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
 s&@INSTALL@&$ac_INSTALL&;t t
 $ac_datarootdir_hack
-" $ac_file_inputs | sed -f "$tmp/subs-1.sed" >$tmp/out
+" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out
 
 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
   { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&

apache2/configure.in

@@ -39,6 +39,25 @@ AC_FUNC_MALLOC
 AC_FUNC_MEMCMP
 AC_CHECK_FUNCS([atexit fchmod getcwd memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol])
 
+# Some directories
+MSC_BASE_DIR=`pwd`
+MSC_PKGBASE_DIR="$MSC_BASE_DIR/.."
+MSC_TEST_DIR="$MSC_BASE_DIR/t"
+MSC_REGRESSION_DIR="$MSC_TEST_DIR/regression"
+MSC_REGRESSION_SERVERROOT_DIR="$MSC_REGRESSION_DIR/server_root"
+MSC_REGRESSION_CONF_DIR="$MSC_REGRESSION_SERVERROOT_DIR/conf"
+MSC_REGRESSION_LOGS_DIR="$MSC_REGRESSION_SERVERROOT_DIR/logs"
+MSC_REGRESSION_DOCROOT_DIR="$MSC_REGRESSION_SERVERROOT_DIR/htdocs"
+
+AC_SUBST(MSC_BASE_DIR)
+AC_SUBST(MSC_PKGBASE_DIR)
+AC_SUBST(MSC_TEST_DIR)
+AC_SUBST(MSC_REGRESSION_DIR)
+AC_SUBST(MSC_REGRESSION_SERVERROOT_DIR)
+AC_SUBST(MSC_REGRESSION_CONF_DIR)
+AC_SUBST(MSC_REGRESSION_LOGS_DIR)
+AC_SUBST(MSC_REGRESSION_DOCROOT_DIR)
+
 # Find apxs
 AC_MSG_NOTICE(looking for Apache module support via DSO through APXS)
 AC_ARG_WITH(apxs,
@@ -291,6 +310,7 @@ if test -e "$PERL"; then
     AC_CONFIG_FILES([t/run-regression-tests.pl], [chmod +x t/run-regression-tests.pl])
     AC_CONFIG_FILES([t/gen_rx-pm.pl], [chmod +x t/gen_rx-pm.pl])
     AC_CONFIG_FILES([t/csv_rx-pm.pl], [chmod +x t/csv_rx-pm.pl])
+    AC_CONFIG_FILES([t/regression/server_root/conf/httpd.conf])
 
     # Perl based tools
     AC_CONFIG_FILES([../tools/rules-updater.pl], [chmod +x ../tools/rules-updater.pl])

apache2/t/regression/config/10-response-directives.t

@@ -27,9 +27,11 @@
 # SecResponseBodyAccess & SecResponseBodyMimeType
 {
 	type => "config",
-	comment => "SecResponseBodyAccess (pos)",
+	comment => "SecResponseBodyAccess On",
 	conf => qq(
 		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
 		SecResponseBodyAccess On
 		SecResponseBodyMimeType null
 		SecRule RESPONSE_BODY "TEST" "phase:4,deny"
@@ -46,15 +48,18 @@
 },
 {
 	type => "config",
-	comment => "SecResponseBodyAccess (neg)",
+	comment => "SecResponseBodyAccess Off",
 	conf => qq(
 		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
 		SecResponseBodyAccess Off
 		SecResponseBodyMimeType null
 		SecRule RESPONSE_BODY "TEST" "phase:4,deny"
 	),
 	match_log => {
 		-error => [ qr/Access denied/, 1 ],
+		debug => [ qr/Response body buffering is not enabled\./, 1 ],
 	},
 	match_response => {
 		status => qr/^200$/,

apache2/t/regression/rule/00-script.t

@@ -1,25 +1,63 @@
+### Test for SecRuleScript
 
 # Lua
 {
-	type => "config",
+	type => "rule",
-	comment => "SecRuleScript (lua)",
+	comment => "SecRuleScript (lua absolute nomatch)",
 	conf => qq(
 		SecRuleEngine On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 1
-		SecRuleScript "test.lua" "phase:1"
+		SecRuleScript "$ENV{CONF_DIR}/test.lua" "phase:2,deny"
 	),
 	match_log => {
+		-error => [ qr/Lua script matched\./, 1 ],
 		debug => [ qr/Test message\./, 1 ],
 	},
 	match_response => {
 		status => qr/^200$/,
 	},
 	request => new HTTP::Request(
-		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
-		[
+	),
-			"Content-Type" => "application/x-www-form-urlencoded",
+},
-		],
+{
-		"a=1;b=2",
+	type => "rule",
+	comment => "SecRuleScript (lua relative nomatch)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 1
+		SecRuleScript "test.lua" "phase:2,deny"
+	),
+	match_log => {
+		-error => [ qr/Lua script matched\./, 1 ],
+		debug => [ qr/Test message\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "rule",
+	comment => "SecRuleScript (lua relative match)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 1
+		SecRuleScript "match.lua" "phase:2,deny"
+	),
+	match_log => {
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Lua script matched\./, 1 ],
+		debug => [ qr/Test message\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
 	),
 },

apache2/t/regression/server_root/conf/httpd.conf.in

@@ -1,8 +1,8 @@
 ### Base configuration for starting Apache httpd
 
 # File locations
-PidFile /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/server_root/logs/httpd.pid
+PidFile @MSC_REGRESSION_LOGS_DIR@/httpd.pid
-ScoreBoardFile /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/server_root/logs/httpd.scoreboard
+ScoreBoardFile @MSC_REGRESSION_LOGS_DIR@/httpd.scoreboard
 
 <IfModule !mod_proxy.c>
 	LoadModule proxy_module modules/mod_proxy.so
@@ -13,6 +13,7 @@ ScoreBoardFile /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/serv
 </IfModule>
 
 <IfDefine !NOMODSEC>
+	# TODO: Need to have these configurable
 	LoadFile /usr/lib/libxml2.so
 	LoadFile /usr/lib/liblua5.1.so
 	LoadModule security2_module modules/mod_security2.so
@@ -21,10 +22,10 @@ ScoreBoardFile /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/serv
 ServerName localhost
 
 LogLevel debug
-ErrorLog /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/server_root/logs/error.log
+ErrorLog @MSC_REGRESSION_LOGS_DIR@/error.log
 
-DocumentRoot /home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/server_root/htdocs
+DocumentRoot @MSC_REGRESSION_DOCROOT_DIR@
-<Directory "/home/brectanu/projects/modsec/m2/trunk/apache2/t/regression/server_root/htdocs">
+<Directory "@MSC_REGRESSION_DOCROOT_DIR@">
   Options Indexes FollowSymLinks
   AllowOverride None
 </Directory>

apache2/t/regression/server_root/conf/match.lua

@@ -0,0 +1,14 @@
+-- Test matching Lua Script to just print debug messages
+function main()
+    m.log(1, "Test message.");
+    m.log(2, "Test message.");
+    m.log(3, "Test message.");
+    m.log(4, "Test message.");
+    m.log(5, "Test message.");
+    m.log(6, "Test message.");
+    m.log(7, "Test message.");
+    m.log(8, "Test message.");
+    m.log(9, "Test message.");
+
+    return "Lua script matched.";
+end

apache2/t/run-regression-tests.pl.in

@@ -107,6 +107,7 @@ unless (defined $opt{S}) {
 	SERVER_PORT => $opt{p},
 	SERVER_NAME => "localhost",
 	TEST_SERVER_ROOT => $SROOT_DIR,
+	CONF_DIR => $CONF_DIR,
 	LOGS_DIR => $LOGS_DIR,
 	SCRIPT_DIR => $SCRIPT_DIR,
 	REGRESSION_DIR => $REG_DIR,
@@ -178,7 +179,7 @@ sub runfile {
 
 		my $httpd_up = 0;
 		my %t = %{$t || {}};
-		my $id = sprintf("%6d %s", $n);
+		my $id = sprintf("%3d", $n);
 		my $out = "";
 		my $rc = 0;
 		my $conf_fn;