mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2026-01-14 23:47:11 +03:00
Backport regression suite to 2.5.
This commit is contained in:
brectanus
24
apache2/t/regression/rule/00-basics.t
Normal file
24
apache2/t/regression/rule/00-basics.t
Normal file
@@ -0,0 +1,24 @@
|
||||
### Tests for basic rule components
|
||||
|
||||
# SecAction
|
||||
{
|
||||
type => "rule",
|
||||
comment => "SecAction (override default)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 4
|
||||
SecAction "nolog"
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
4
apache2/t/regression/rule/00-inheritance.t
Normal file
4
apache2/t/regression/rule/00-inheritance.t
Normal file
@@ -0,0 +1,4 @@
|
||||
### Tests for rule inheritance
|
||||
|
||||
### TODO:
|
||||
# SecRuleInheritance
|
||||
63
apache2/t/regression/rule/00-script.t
Normal file
63
apache2/t/regression/rule/00-script.t
Normal file
@@ -0,0 +1,63 @@
|
||||
### Test for SecRuleScript
|
||||
|
||||
# Lua
|
||||
{
|
||||
type => "rule",
|
||||
comment => "SecRuleScript (lua absolute nomatch)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 1
|
||||
SecRuleScript "$ENV{CONF_DIR}/test.lua" "phase:2,deny"
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Lua script matched\./, 1 ],
|
||||
debug => [ qr/Test message\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "rule",
|
||||
comment => "SecRuleScript (lua relative nomatch)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 1
|
||||
SecRuleScript "test.lua" "phase:2,deny"
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/Lua script matched\./, 1 ],
|
||||
debug => [ qr/Test message\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "rule",
|
||||
comment => "SecRuleScript (lua relative match)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 1
|
||||
SecRuleScript "match.lua" "phase:2,deny"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Lua script matched\./, 1 ],
|
||||
debug => [ qr/Test message\./, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^403$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
129
apache2/t/regression/rule/20-exceptions.t
Normal file
129
apache2/t/regression/rule/20-exceptions.t
Normal file
@@ -0,0 +1,129 @@
|
||||
### Tests for rule exceptions
|
||||
|
||||
# SecRuleRemoveByMsg
|
||||
|
||||
# SecRuleRemoveById
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRuleRemoveById (single)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
|
||||
SecRuleRemoveById 1
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
|
||||
-debug => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRuleRemoveById (multiple)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
|
||||
SecRuleRemoveById 1 2 3
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
|
||||
-debug => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRuleRemoveById (range)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
|
||||
SecRuleRemoveById 1-3
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
|
||||
-debug => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRuleRemoveById (multiple + range)",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:4"
|
||||
SecRuleRemoveById 1 2-4
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
|
||||
-debug => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecRuleRemoveByMsg
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecRuleRemoveByMsg",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 9
|
||||
SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'"
|
||||
SecRuleRemoveByMsg "testing rule"
|
||||
),
|
||||
match_log => {
|
||||
-error => [ qr/ModSecurity: /, 1 ],
|
||||
-audit => [ qr/./, 1 ],
|
||||
debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
|
||||
-debug => [ qr/Access denied/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
Reference in New Issue
Block a user