Adds regression test to the hash functionality

As reported on: #742 and #752 it seems that the SecHash functionality is not working as expected.
2025-08-14 05:45:59 +03:00 · 2014-07-07 15:13:52 -07:00 · 2014-07-07 15:13:52 -07:00 · 9c4c732e4e
commit 9c4c732e4e
parent 046b553736
2 changed files with 124 additions and 0 deletions
--- a/tests/regression/misc/40-sec-hash-engine.t
+++ b/tests/regression/misc/40-sec-hash-engine.t
@ -0,0 +1,118 @@
+### libinjection.
+
+{
+	type => "misc",
+	comment => "SecHash engine - missing paramenter",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+                SecRequestBodyAccess On
+		SecContentInjection On
+		SecStreamOutBodyInspection On
+		SecDisableBackendCompression On
+
+		SecHashEngine On
+		SecHashParam "hmac"
+		SecHashKey "some_key" KeyOnly
+		SecHashMethodRx "HashHref" "\.(txt)"
+		SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+	),
+	match_log => {
+		error => [ qr/Request URI matched .* at REQUEST_URI. No Hash parameter/, 1],
+		debug => [ qr/Request URI without hash parameter/, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "misc",
+	comment => "SecHash engine - wrong paramenter",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+                SecRequestBodyAccess On
+		SecContentInjection On
+		SecStreamOutBodyInspection On
+		SecDisableBackendCompression On
+
+		SecHashEngine On
+		SecHashParam "hmac"
+		SecHashKey "some_key" KeyOnly
+		SecHashMethodRx "HashHref" "\.(txt)"
+		SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+	),
+	match_log => {
+		error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=test",
+	),
+},
+{
+	type => "misc",
+	comment => "SecHash engine - correct paramenter",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+                SecRequestBodyAccess On
+		SecContentInjection On
+		SecStreamOutBodyInspection On
+		SecDisableBackendCompression On
+
+		SecHashEngine On
+		SecHashParam "hmac"
+		SecHashKey "some_key" KeyOnly
+		SecHashMethodRx "HashHref" "\.(txt)"
+		SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+	),
+	match_log => {
+		-error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=a17d5c0a78b54a15f19ccb5d47651470c7b8f31f",
+	),
+},
+{
+	type => "misc",
+	comment => "SecHash engine - link verification",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLogLevel 9
+		SecDebugLog $ENV{DEBUG_LOG}
+
+		SecContentInjection On
+		SecStreamOutBodyInspection On
+		SecDisableBackendCompression On
+
+		SecHashEngine On
+		SecHashParam "hmac"
+		SecHashKey "rand" "KeyOnly"
+		SecHashMethodRx "HashHref" "testparam"
+	),
+	match_log => {
+		-error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+	},
+	match_response => {
+		content => qr/testparam=123456&amp;hmac=a95a6c5324869521e82e8b2465dd36a27b0b6d27/,
+	},
+
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/hash_test.html",
+	),
+},
+
+
+
--- a/tests/regression/server_root/htdocs/hash_test.html
+++ b/tests/regression/server_root/htdocs/hash_test.html
@ -0,0 +1,6 @@
+<html>
+<body>
+<a href="test.txt?testparam=123456">Test</a>
+<a href="text2.txt?testparam=123456">Test 2</a>
+</body>
+</html>