mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-11-17 18:05:28 +03:00
Add support for capturing group test cases
This enables unit tests to compare the matching groups as well, not just binary match-no match.
This commit is contained in:
WGH
Felipe Zimmerle
@@ -41,6 +41,10 @@
|
||||
using modsecurity_test::UnitTest;
|
||||
using modsecurity_test::ModSecurityTest;
|
||||
using modsecurity_test::ModSecurityTestResults;
|
||||
using modsecurity::ModSecurity;
|
||||
using modsecurity::Rule;
|
||||
using modsecurity::Rules;
|
||||
using modsecurity::Transaction;
|
||||
using modsecurity::actions::transformations::Transformation;
|
||||
using modsecurity::operators::Operator;
|
||||
|
||||
@@ -53,8 +57,20 @@ void print_help() {
|
||||
std::cout << std::endl;
|
||||
}
|
||||
|
||||
static std::vector<std::string> get_capturing_groups(Transaction &transaction) {
|
||||
// capturing groups are stored in the TX collection as "0", "1", and so on
|
||||
std::vector<std::string> res;
|
||||
for (int i = 0;; i++) {
|
||||
const std::string key = std::to_string(i);
|
||||
auto s = transaction.m_collections.m_tx_collection->resolveFirst(key);
|
||||
if (s == NULL) break;
|
||||
res.push_back(*s);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
void perform_unit_test(ModSecurityTest<UnitTest> *test, UnitTest *t,
|
||||
static void perform_unit_test(ModSecurity *modsec,
|
||||
ModSecurityTest<UnitTest> *test, UnitTest *t,
|
||||
ModSecurityTestResults<UnitTest>* res) {
|
||||
std::string error;
|
||||
bool found = true;
|
||||
@@ -77,11 +93,27 @@ void perform_unit_test(ModSecurityTest<UnitTest> *test, UnitTest *t,
|
||||
}
|
||||
|
||||
if (t->type == "op") {
|
||||
Rules rules{};
|
||||
Transaction transaction{modsec, &rules, NULL};
|
||||
Operator *op = Operator::instantiate(t->name, t->param);
|
||||
Rule rule{NULL, NULL, NULL, "", 1};
|
||||
|
||||
// Rx operator won't capture groups otherwise
|
||||
rule.m_containsCaptureAction = true;
|
||||
|
||||
op->init(t->filename, &error);
|
||||
int ret = op->evaluate(NULL, NULL, t->input, NULL);
|
||||
int ret = op->evaluate(&transaction, &rule, t->input, NULL);
|
||||
t->obtained = ret;
|
||||
if (ret != t->ret) {
|
||||
|
||||
bool pass = (ret == t->ret);
|
||||
if (t->re_groups.size() > 0) {
|
||||
t->obtained_re_groups = get_capturing_groups(transaction);
|
||||
if (t->re_groups != t->obtained_re_groups) {
|
||||
pass = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!pass) {
|
||||
res->push_back(t);
|
||||
if (test->m_automake_output) {
|
||||
std::cout << "FAIL ";
|
||||
@@ -152,6 +184,8 @@ int main(int argc, char **argv) {
|
||||
test.load_tests("test-cases/secrules-language-tests/transformations");
|
||||
}
|
||||
|
||||
ModSecurity modsec{};
|
||||
|
||||
for (std::pair<std::string, std::vector<UnitTest *> *> a : test) {
|
||||
std::vector<UnitTest *> *tests = a.second;
|
||||
|
||||
@@ -162,7 +196,7 @@ int main(int argc, char **argv) {
|
||||
if (!test.m_automake_output) {
|
||||
std::cout << " " << a.first << "...\t";
|
||||
}
|
||||
perform_unit_test(&test, t, &r);
|
||||
perform_unit_test(&modsec, &test, t, &r);
|
||||
|
||||
if (!test.m_automake_output) {
|
||||
int skp = 0;
|
||||
|
||||
Reference in New Issue
Block a user