github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Only delete Multipart tmp files after rules have run

Browse Source
This commit is contained in:
martinhsv
2020-11-02 15:19:43 -08:00
committed by Felipe Zimmerle
parent 1b7aa42c77
commit d72be1c470
8 changed files with 255 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
test/test-cases/regression/issue-2427.json Normal file
View File

@@ -0,0 +1,121 @@
[
{
"enabled":1,
"version_min":300000,
"title":"Tmp file retained for @inspectFile (1/2)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"330",
"Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
"Expect":"100-continue"
},
"uri":"/wheee/f%20i%20l%20e%20",
"method":"POST",
"body":[
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"name\"",
"",
"test",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"name2\"",
"",
"test2",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"",
"Content-Type: text/plain",
"",
"This is a very small test file..",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"small2.txt\" ",
"Content-Type: text/plain",
"",
"This is another very small test file that contains the search content abcdef..",
"----------------------------756b6d74fa1a8ee2--"
]
},
"expected":{
"debug_log":"Returning from lua script: abcdef.*Rule returned 1",
"http_code":403
},
"rules":[
"SecRuleEngine On",
"SecRequestBodyAccess On",
"SecTmpSaveUploadedFiles On",
"SecUploadKeepFiles Off",
"SecUploadDir /tmp",
"SecTmpDir /tmp",
"SecRule FILES_TMPNAMES \"@inspectFile test-cases/data/inspectFile-abcdef.lua\" \"id:1,phase:2,deny,status:403\""
]
},
{
"enabled":1,
"version_min":300000,
"title":"Tmp file retained for @inspectFile (2/2)",
"resource":"lua",
"client":{
"ip":"200.249.12.31",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*",
"Content-Length":"330",
"Content-Type":"multipart/form-data; boundary=--------------------------756b6d74fa1a8ee2",
"Expect":"100-continue"
},
"uri":"/wheee/f%20i%20l%20e%20",
"method":"POST",
"body":[
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"name\"",
"",
"test",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"name2\"",
"",
"test2",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; name=\"filedata\"; filename=\"small_text_file1.txt\"",
"Content-Type: text/plain",
"",
"This is a very small test file..",
"----------------------------756b6d74fa1a8ee2",
"Content-Disposition: form-data; filename=\"small_text_file2.txt\"; name=\"small2.txt\" ",
"Content-Type: text/plain",
"",
"This is another very small test file that does not contain the search content.",
"----------------------------756b6d74fa1a8ee2--"
]
},
"expected":{
"http_code":200
},
"rules":[
"SecRuleEngine On",
"SecRequestBodyAccess On",
"SecTmpSaveUploadedFiles On",
"SecUploadKeepFiles Off",
"SecUploadDir /tmp",
"SecTmpDir /tmp",
"SecRule FILES_TMPNAMES \"@inspectFile test-cases/data/inspectFile-abcdef.lua\" \"id:1,phase:2,deny,status:403\""
]
}
]