github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix rule line number

Browse Source 
Issue #1844
This commit is contained in:
Felipe Zimmerle 2018-10-24 20:51:22 -03:00
parent fa5f3784f2
commit 973c1f1028
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
9 changed files with 1293 additions and 785 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.0.3 - YYYY-MMM-DD (to be released)
-------------------------------------
- m_lineNumber in Rule not mapping with the correct line number in file
[Issue #1844 - @zimmerle, @victorhora, @xizeng]
- Using shared_ptr instead of unique_ptr on rules exceptions
[Issue #1697 - @zimmerle, @brianp9906, @victorhora, @LeSwiss, @defanator]
- Changes debuglogs schema to avoid unecessary str allocation

1
Makefile.am
View File

@ -90,6 +90,7 @@ TESTS+=test/test-cases/regression/issue-1591.json
TESTS+=test/test-cases/regression/issue-1785.json
TESTS+=test/test-cases/regression/issue-1812.json
TESTS+=test/test-cases/regression/issue-1831.json
TESTS+=test/test-cases/regression/issue-1844.json
TESTS+=test/test-cases/regression/issue-1725.json
TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json
TESTS+=test/test-cases/regression/config-include.json

1531
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

9
src/parser/seclang-parser.yy
View File

@ -1113,8 +1113,9 @@ expression:
/* variables */ v,
/* actions */ a,
/* file name */ driver.ref.back(),
/* line number */ @0.end.line
/* line number */ @1.end.line
);
if (driver.addSecRule(rule) == false) {
delete rule;
YYERROR;
@ -1132,7 +1133,7 @@ expression:
/* variables */ v,
/* actions */ NULL,
/* file name */ driver.ref.back(),
/* line number */ @0.end.line
/* line number */ @1.end.line
);
if (driver.addSecRule(rule) == false) {
delete rule;
@ -1150,7 +1151,7 @@ expression:
/* variables */ NULL,
/* actions */ a,
/* file name */ driver.ref.back(),
/* line number */ @0.end.line
/* line number */ @1.end.line
);
driver.addSecAction(rule);
}
@ -1165,7 +1166,7 @@ expression:
/* path to script */ $1,
/* actions */ a,
/* file name */ driver.ref.back(),
/* line number */ @0.end.line
/* line number */ @1.end.line
);
if (r->init(&err) == false) {

16
src/parser/seclang-scanner.cc
View File

@ -8148,37 +8148,37 @@ case 504:
/* rule 504 can match eol */
YY_RULE_SETUP
#line 1164 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
YY_BREAK
case 505:
/* rule 505 can match eol */
YY_RULE_SETUP
#line 1165 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
YY_BREAK
case 506:
/* rule 506 can match eol */
YY_RULE_SETUP
#line 1166 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
YY_BREAK
case 507:
/* rule 507 can match eol */
YY_RULE_SETUP
#line 1167 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
YY_BREAK
case 508:
/* rule 508 can match eol */
YY_RULE_SETUP
#line 1169 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
YY_BREAK
case 509:
/* rule 509 can match eol */
YY_RULE_SETUP
#line 1170 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
YY_BREAK
case 510:
YY_RULE_SETUP
@ -8189,13 +8189,13 @@ case 511:
/* rule 511 can match eol */
YY_RULE_SETUP
#line 1173 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
YY_BREAK
case 512:
/* rule 512 can match eol */
YY_RULE_SETUP
#line 1174 "seclang-scanner.ll"
{ BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
{ driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
YY_BREAK

16
src/parser/seclang-scanner.ll
View File

@ -1160,17 +1160,17 @@ EQUALS_MINUS (?i:=\-)
<TRANSACTION_FROM_OPERATOR_TO_ACTIONS,TRANSACTION_FROM_OPERATOR_PARAMETERS_TO_ACTIONS>{
[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\r\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]*\"[ \t]* { BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\n[ \t]*\"[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
\\\n[ \t]*\"[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\"[ \t]*\\\r\n[ \t]*\"[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]*\"[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ENDS_WITH_DOUBLE_QUOTE); }
[ \t]*\\\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\\\r\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\\\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\\\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ ]+ { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\r\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\n[ \t]* { BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\r\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
[ \t]*\n[ \t]* { driver.loc.back()->lines(1); driver.loc.back()->step(); BEGIN(EXPECTING_ACTIONS_ONLY_ONE); }
}

198
test/test-cases/data/big-file.conf Normal file
View File

@ -0,0 +1,198 @@
# 1
# 2
# 3
# 4
# 5
# 6
# 7
# 8
# 10
# 11
# 12
SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:1,id:930011,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:2,id:930012,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
# 18
# 19
# 20
# 22
# 23
# 24
# 25
# 26
# 27
# 28
SecRule REQUEST_URI_RAW|REQUEST_BODY|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|XML:/* "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))|test1" \
"phase:request,\
msg:'Path Traversal Attack (/../)',\
id:930100,\
ver:'OWASP_CRS/3.0.0',\
rev:'3',\
maturity:'9',\
accuracy:'7',\
t:none,\
block,\
severity:CRITICAL,\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
capture,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-lfi',\
tag:'OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL-%{matched_var_name}=%{matched_var}'"
# 52
# 53
# 54
SecRule REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|XML:/* "@pm test2" \
"phase:request,\
msg:'Path Traversal Attack (/../)',\
id:930110,\
ver:'OWASP_CRS/3.0.0',\
rev:'1',\
maturity:'9',\
accuracy:'7',\
multiMatch,\
t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,\
block,\
severity:CRITICAL,\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
capture,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-lfi',\
tag:'OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL-%{matched_var_name}=%{matched_var}'"
# 79
# 80
# 81
# 82
# 83
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm test3" \
"phase:request,\
msg:'OS File Access Attempt',\
rev:'4',\
ver:'OWASP_CRS/3.0.0',\
maturity:'9',\
accuracy:'9',\
capture,\
t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\
block,\
id:930120,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-lfi',\
tag:'OWASP_CRS/WEB_ATTACK/FILE_INJECTION',\
tag:'WASCTC/WASC-33',\
tag:'OWASP_TOP_10/A4',\
tag:'PCI/6.5.4',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
severity:'CRITICAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/FILE_INJECTION-%{matched_var_name}=%{tx.0}"
# 110
# 111
# 112
# 113
# 114
# 115
SecRule REQUEST_FILENAME|ARGS "@pm test4" \
"phase:request,\
msg:'Restricted File Access Attempt',\
rev:'1',\
ver:'OWASP_CRS/3.0.0',\
maturity:'7',\
accuracy:'8',\
capture,\
t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\
block,\
id:930130,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-lfi',\
tag:'OWASP_CRS/WEB_ATTACK/FILE_INJECTION',\
tag:'WASCTC/WASC-33',\
tag:'OWASP_TOP_10/A4',\
tag:'PCI/6.5.4',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
severity:'CRITICAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/FILE_INJECTION-%{matched_var_name}=%{tx.0}"
SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:1,id:930013,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:2,id:930014,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
# 146
# 147
# 148
SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:1,id:930015,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:2,id:930016,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
# 154
# 155
# 156
SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:1,id:930017,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:2,id:930018,nolog,pass,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
# 162
# 163
# 164
# 168
# 169
# 170
SecMarker "END-REQUEST-930-APPLICATION-ATTACK-LFI"
# 172
SecRule REQUEST_FILENAME|ARGS "@pm test5" \
"phase:request,\
msg:'Restricted File Access Attempt',\
rev:'1',\
ver:'OWASP_CRS/3.0.0',\
maturity:'7',\
accuracy:'8',\
capture,\
t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\
block,\
id:9304130,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-lfi',\
tag:'OWASP_CRS/WEB_ATTACK/FILE_INJECTION',\
tag:'WASCTC/WASC-33',\
tag:'OWASP_TOP_10/A4',\
tag:'PCI/6.5.4',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
severity:'CRITICAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/FILE_INJECTION-%{matched_var_name}=%{tx.0}"

26
test/test-cases/data/not-so-big-file.conf Normal file
View File

@ -0,0 +1,26 @@
# 1
# 2
# 3
# 4
# 5
# 6
# 7
# 8
# 10
# 11
# 12
Include "big-file.conf"
# 18
# 19
# 20
# 22
# 23
# 24
# 25
# 26
# 27
# 28

279
test/test-cases/regression/issue-1844.json Normal file
View File

@ -0,0 +1,279 @@
[
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (1/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test1&param2=value2"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"29\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test1\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]
},
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (2/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test2"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"55\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test2\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]
},
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (3/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test3"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"84\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]
},
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (4/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test4"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"116\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]
},
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (5/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test5"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"174\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]
},
{
"enabled":1,
"version_min":300000,
"title":"m_lineNumber ... mapping ... correct line number in file (6/n)",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length": "27",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
},
"uri":"/",
"method":"POST",
"body": [
"param1=test5"
]
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"error_log":"line \"174\""
},
"rules":[
"SecRuleEngine On",
"SecRule WEBAPPID \"@contains test3\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/not-so-big-file.conf"
]
}
]