github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
ModSecurity/test/test-cases/regression/issue-1943.json
Felipe Zimmerle 9d80983e55
Fix on top of #1943 + adding test cases
2018-11-01 16:11:39 -03:00

117 lines
4.3 KiB
JSON
Raw Blame History

[
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "double macros bug 1/n",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2&pparam=дор",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r",
"<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r",
" <soap:Body>\n\r",
" <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r",
" <EnlightenResult>string<\/EnlightenResult>\n\r",
" <\/EnlightenResponse>\n\r",
" <\/soap:Body>\n\r",
"<\/soap:Envelope>\n\r"
]
},
"expected": {
"debug_log": "TX:msg with value: test tes",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@contains test2\" \"phase:1,id:999,setvar:tx.msg=%{ARGS:param1}%{ARGS:param1}\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "double macros bug 2/n",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "net.tutsplus.com",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2&pparam=дор",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "text\/xml; charset=utf-8\n\r",
"Content-Length": "length\n\r"
},
"body": [
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r",
"<soap:Envelope xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:soap=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\">\n\r",
" <soap:Body>\n\r",
" <EnlightenResponse xmlns=\"http:\/\/clearforest.com\/\">\n\r",
" <EnlightenResult>string<\/EnlightenResult>\n\r",
" <\/EnlightenResponse>\n\r",
" <\/soap:Body>\n\r",
"<\/soap:Envelope>\n\r"
]
},
"expected": {
"debug_log": "",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS|XML|XML \"test\" \"id:123,phase:2,block,msg:'Possible harmful executable file detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VARS}',t:none,tag:'application-multi',tag:'platform-multi',tag:'attack-file-upload',tag:'OWASP_CRS/WEB_ATTACK/MALICIOUS_FILE',tag:'paranoia-level/1',ver:'OWASP_CRS/3.1.0',severity:'NOTICE',setvar:'tx.msg=%{rule.msg}',setvar:'tx.anomaly_score=+%{tx.notice_anomaly_score}',setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/MALICIOUS-FILE-%{matched_var_name}=%{tx.0}'\""
]
}
]
Reference in New Issue View Git Blame Copy Permalink