More tested regression tests.

Cleaned up script.
2025-09-30 03:34:29 +03:00 · 2008-05-30 00:13:50 +00:00
parent 043a5d6082
commit d06a3beab4
9 changed files with 677 additions and 82 deletions
--- a/apache2/t/regression/rule/00-basics.t
+++ b/apache2/t/regression/rule/00-basics.t
@@ -0,0 +1,24 @@
+### Tests for basic rule components
+
+# SecAction
+{
+	type => "config",
+	comment => "SecAction (override default)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 4
+		SecAction "nolog"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
--- a/apache2/t/regression/rule/00-inheritance.t
+++ b/apache2/t/regression/rule/00-inheritance.t
@@ -0,0 +1,4 @@
+### Tests for rule inheritance
+
+### TODO:
+# SecRuleInheritance
--- a/apache2/t/regression/rule/20-exceptions.t
+++ b/apache2/t/regression/rule/20-exceptions.t
@@ -0,0 +1,129 @@
+### Tests for rule exceptions
+
+# SecRuleRemoveByMsg
+
+# SecRuleRemoveById
+{
+	type => "config",
+	comment => "SecRuleRemoveById (single)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
+		SecRuleRemoveById 1
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
+		-debug => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecRuleRemoveById (multiple)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
+		SecRuleRemoveById 1 2 3
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
+		-debug => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecRuleRemoveById (range)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
+		SecRuleRemoveById 1-3
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
+		-debug => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+{
+	type => "config",
+	comment => "SecRuleRemoveById (multiple + range)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:2"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:3"
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:4"
+		SecRuleRemoveById 1 2-4
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
+		-debug => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},
+
+# SecRuleRemoveByMsg
+{
+	type => "config",
+	comment => "SecRuleRemoveByMsg",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRule REQUEST_URI "test" "phase:1,deny,status:500,id:1,msg:'testing rule'"
+		SecRuleRemoveByMsg "testing rule"
+	),
+	match_log => {
+		-error => [ qr/ModSecurity: /, 1 ],
+		-audit => [ qr/./, 1 ],
+		debug => [ qr/Starting phase REQUEST_HEADERS\..*This phase consists of 0 rule.*Starting phase RESPONSE_HEADERS\./s, 1 ],
+		-debug => [ qr/Access denied/, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+	),
+},