mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 21:36:00 +03:00
28a44b966a
Seclang uses RESPONSE_STATUS as variable to encode the status code for the request. https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable. https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf When processing response headers, the variable was named STATUS when creating/storing it in the collection. Fix it, and update regression testcases.
94 lines
2.1 KiB
JSON
94 lines
2.1 KiB
JSON
[
|
|
{
|
|
"enabled":1,
|
|
"version_min":300000,
|
|
"title":"Testing Variables :: STATUS (1/2)",
|
|
"client":{
|
|
"ip":"200.249.12.31",
|
|
"port":123
|
|
},
|
|
"server":{
|
|
"ip":"200.249.12.31",
|
|
"port":80
|
|
},
|
|
"request":{
|
|
"headers":{
|
|
"Host":"localhost",
|
|
"User-Agent":"curl/7.38.0",
|
|
"Accept":"*/*",
|
|
"Content-Length": "27",
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
},
|
|
"uri":"/",
|
|
"method":"GET",
|
|
"body": [
|
|
"param1=value1¶m2=value2"
|
|
]
|
|
},
|
|
"response":{
|
|
"headers":{
|
|
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
|
|
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
|
|
"Content-Type":"text/html"
|
|
},
|
|
"body":[
|
|
"no need."
|
|
]
|
|
},
|
|
"expected":{
|
|
"debug_log":"Target value: \"200\" \\(Variable: RESPONSE_STATUS\\)"
|
|
},
|
|
"rules":[
|
|
"SecRuleEngine On",
|
|
"SecRule RESPONSE_STATUS \"@contains test\" \"id:1,phase:5,rev:1.3,pass,t:trim\""
|
|
]
|
|
},
|
|
{
|
|
"enabled":1,
|
|
"version_min":300000,
|
|
"title":"Testing Variables :: STATUS (2/2)",
|
|
"client":{
|
|
"ip":"200.249.12.31",
|
|
"port":123
|
|
},
|
|
"server":{
|
|
"ip":"200.249.12.31",
|
|
"port":80
|
|
},
|
|
"request":{
|
|
"headers":{
|
|
"Host":"localhost",
|
|
"User-Agent":"curl/7.38.0",
|
|
"Accept":"*/*",
|
|
"Content-Length": "27",
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
},
|
|
"uri":"/",
|
|
"method":"GET",
|
|
"body": [
|
|
"param1=value1¶m2=value2"
|
|
]
|
|
},
|
|
"response":{
|
|
"headers":{
|
|
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
|
|
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
|
|
"Content-Type":"text/html"
|
|
},
|
|
"body":[
|
|
"no need."
|
|
]
|
|
},
|
|
"expected":{
|
|
"debug_log":"Target value: \"500\" \\(Variable: RESPONSE_STATUS\\)",
|
|
"http_code": 500
|
|
},
|
|
"rules":[
|
|
"SecRuleEngine On",
|
|
"SecRule ARGS \"@pm value\" \"id:1,phase:2,t:trim,status:500,deny\"",
|
|
"SecRule RESPONSE_STATUS \"@contains test\" \"id:2,phase:5,rev:1.3,pass,t:trim\""
|
|
]
|
|
}
|
|
]
|
|
|