github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring on Action - having RuleWithAction and RuleWithActionsProperties

Browse Source
This commit is contained in:
Felipe Zimmerle
2020-09-23 13:48:15 -03:00
parent 1efd5e460d
commit bb7bd975bf
44 changed files with 2172 additions and 1533 deletions
Download Patch File Download Diff File Expand all files Collapse all files

349
test/test-cases/regression/auditlog.json
View File

@@ -270,5 +270,354 @@
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly,log,auditlog",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "1555",
"error_log": "",
"http_code": 200
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block,log,auditlog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly,log",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "1555",
"error_log": "",
"http_code": 200
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block,log\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly,nolog",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "^$",
"error_log": "",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,pass,nolog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogFormat JSON",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly (no log info)",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "",
"error_log": "",
"http_code": 200
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecDefaultAction \"phase:2,deny,status:403\"",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogFormat JSON",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly (noauditlog)",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "",
"error_log": "",
"http_code": 200,
"debug_log":"is not interesting to audit logs, relevant code"
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecDefaultAction \"phase:2,deny,status:403,noauditlog\"",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,noauditlog,block\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogFormat JSON",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly (noauditlog & nodefault & pass)",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "",
"error_log": "",
"http_code": 200,
"debug_log": "is not interesting to audit logs, relevant code"
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,pass,noauditlog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogFormat JSON",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : messages verification - DetectionOnly (noauditlog & nodefault & nopass)",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1=test1&param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"expected": {
"audit_log": "",
"error_log": "",
"http_code": 200,
"debug_log": "is not interesting to audit logs, relevant code"
},
"rules": [
"SecRuleEngine DetectionOnly",
"SecRule ARGS \"@contains test1\" \"id:1555,phase:2,noauditlog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLog /tmp/test/modsec_audit_auditlog_1.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0666",
"SecAuditLogFormat JSON",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
}
]

5
test/test-cases/regression/issue-1528.json
View File

@@ -27,12 +27,13 @@
},
"expected": {
"debug_log": "Rule returned 1",
"error_log": "Matched \"Operator `Rx' with parameter `\\^attack\\$'"
"error_log": "Matched \"Operator `Rx' with parameter `\\^attack\\$'",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecAction \"id:1, setvar:tx.bad_value=attack\"",
"SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,log\""
"SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,log,deny\""
]
}
]

4
test/test-cases/regression/issue-1844.json
View File

@@ -85,10 +85,12 @@
]
},
"expected":{
"error_log":"line \"55\""
"error_log":"line \"55\"",
"http_code": 403
},
"rules":[
"SecRuleEngine On",
"SecDefaultAction \"phase:2,deny\"",
"SecRule WEBAPPID \"@contains test2\" \"id:1,phase:3,pass,t:trim\"",
"Include test-cases/data/big-file.conf"
]