mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
More tested regression tests.
Cleaned up script.
This commit is contained in:
brectanus
@@ -132,18 +132,12 @@
|
||||
}
|
||||
|
||||
# Verify concurrent log contents
|
||||
$LOG{$id}{fd} = new FileHandle($alogdatafn, O_RDONLY);
|
||||
$LOG{$id}{fd}->blocking(0);
|
||||
$LOG{$id}{buf} = "";
|
||||
my $alogdata = match_log($id, qr/^--[^-]+-A--.*$id.*-Z--$/s, 1);
|
||||
if (defined $alogdata) {
|
||||
$LOG{$id}{fd}->close();
|
||||
delete $LOG{$id};
|
||||
if (defined match_file($alogdatafn, qr/^--[^-]+-A--.*$id.*-Z--$/s)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Error
|
||||
dbg("LOGDATA: \"$alogdata\"");
|
||||
dbg("LOGDATA: \"$FILE{$alogdatafn}{buf}\"");
|
||||
die "Audit log data did not match.\n";
|
||||
},
|
||||
match_response => {
|
||||
|
||||
@@ -2,13 +2,31 @@
|
||||
|
||||
### TODO:
|
||||
# SecTmpDir
|
||||
# SecUploadDir
|
||||
# SecUploadKeepFiles
|
||||
# SecWebAppId
|
||||
# SecDataDir
|
||||
# SecChrootDir
|
||||
# SecGuardianLog
|
||||
|
||||
# SecDefaultAction
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecDefaultAction",
|
||||
conf => qq(
|
||||
SecRuleEngine on
|
||||
SecDefaultAction "phase:1,deny,status:500"
|
||||
SecRule REQUEST_URI "test.txt"
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecServerSignature
|
||||
{
|
||||
type => "config",
|
||||
@@ -28,22 +46,78 @@
|
||||
),
|
||||
},
|
||||
|
||||
# SecDefaultAction
|
||||
# SecDataDir
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecServerSignature On",
|
||||
comment => "SecDataDir",
|
||||
conf => qq(
|
||||
SecRuleEngine on
|
||||
SecDefaultAction "phase:1,deny,status:500"
|
||||
SecRule REQUEST_URI "test.txt"
|
||||
SecRuleEngine On
|
||||
SecDataDir "$ENV{DATA_DIR}"
|
||||
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass
|
||||
),
|
||||
match_log => {
|
||||
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
|
||||
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],
|
||||
},
|
||||
match_file => {
|
||||
"$ENV{DATA_DIR}/ip.pag" => qr/\x00\x06dummy\x00\x00\x021\x00/,
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^500$/,
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
),
|
||||
},
|
||||
|
||||
# SecTmpDir/SecUploadDir/SecUploadKeepFiles
|
||||
{
|
||||
type => "config",
|
||||
comment => "SecTmpDir/SecUploadDir/SecUploadKeepFiles",
|
||||
conf => qq(
|
||||
SecRuleEngine On
|
||||
SecRequestBodyAccess On
|
||||
SecDebugLog $ENV{DEBUG_LOG}
|
||||
SecDebugLogLevel 4
|
||||
SecTmpDir "$ENV{TEMP_DIR}"
|
||||
SecUploadKeepFiles On
|
||||
SecUploadDir "$ENV{UPLOAD_DIR}"
|
||||
),
|
||||
test => sub {
|
||||
# Get the filename and make sure the file exists
|
||||
my $fn = match_log(debug => qr/Moved file from .* to ".*"\./, 5);
|
||||
die "Failed to determine uploaded filename\n" unless (defined $fn);
|
||||
|
||||
$fn =~ s/Moved file from .* to "(.*)"\..*/$1/;
|
||||
die "File does not exist: $fn\n" unless (-e $fn);
|
||||
|
||||
# Check the contents of the file
|
||||
return 0 if (match_file($fn, qr/^TESTFILE$/m));
|
||||
|
||||
msg("Failed to match contents of uploaded file: $fn");
|
||||
return 1;
|
||||
},
|
||||
match_log => {
|
||||
debug => [ qr/Created temporary file: $ENV{TEMP_DIR}/, 1 ],
|
||||
-debug => [ qr/Failed to /, 1 ],
|
||||
},
|
||||
match_response => {
|
||||
status => qr/^200$/,
|
||||
},
|
||||
request => new HTTP::Request(
|
||||
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
[
|
||||
"Content-Type" => "multipart/form-data; boundary=---------------------------19813181771830765643996187206",
|
||||
],
|
||||
q(-----------------------------19813181771830765643996187206
|
||||
Content-Disposition: form-data; name="upload-file"; filename="test"
|
||||
Content-Type: application/octet-stream
|
||||
|
||||
TESTFILE
|
||||
-----------------------------19813181771830765643996187206
|
||||
Content-Disposition: form-data; name="file"
|
||||
|
||||
Upload File
|
||||
-----------------------------19813181771830765643996187206--),
|
||||
),
|
||||
},
|
||||
|
||||
|
||||
35
apache2/t/regression/config/20-chroot.t
Normal file
35
apache2/t/regression/config/20-chroot.t
Normal file
@@ -0,0 +1,35 @@
|
||||
### SecChroot tests
|
||||
# TODO: Will not work as we need root access
|
||||
|
||||
#{
|
||||
# type => "config",
|
||||
# comment => "SecChroot",
|
||||
# httpd_opts => qw(
|
||||
# -DCHROOT
|
||||
# ),
|
||||
# conf => qq(
|
||||
# # These will be in the chroot
|
||||
# PidFile /logs/httpd.pid
|
||||
# ScoreBoardFile /logs/httpd.scoreboard
|
||||
# User nobody
|
||||
# Group nogroup
|
||||
#
|
||||
# SecAuditEngine On
|
||||
# SecDebugLog $ENV{DEBUG_LOG}
|
||||
# SecDebugLogLevel 9
|
||||
# SecAuditLog $ENV{AUDIT_LOG}
|
||||
# SecAuditLogStorageDir "/logs/audit"
|
||||
# SecAuditLogType Concurrent
|
||||
# SecChrootDir "$ENV{TEST_SERVER_ROOT}"
|
||||
# ),
|
||||
# match_log => {
|
||||
# debug => [ qr/./, 1 ],
|
||||
# audit => [ qr/./, 1 ],
|
||||
# },
|
||||
# match_response => {
|
||||
# status => qr/^200$/,
|
||||
# },
|
||||
# request => new HTTP::Request(
|
||||
# GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
||||
# ),
|
||||
#},
|
||||
Reference in New Issue
Block a user