|
Packit Service |
384592 |
### Misc directive tests
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
### TODO:
|
|
Packit Service |
384592 |
# SecTmpDir
|
|
Packit Service |
384592 |
# SecUploadKeepFiles
|
|
Packit Service |
384592 |
# SecChrootDir
|
|
Packit Service |
384592 |
# SecGuardianLog
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# SecDefaultAction
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
type => "config",
|
|
Packit Service |
384592 |
comment => "SecDefaultAction",
|
|
Packit Service |
384592 |
conf => qq(
|
|
Packit Service |
384592 |
SecRuleEngine on
|
|
Packit Service |
384592 |
SecDefaultAction "phase:1,deny,status:500"
|
|
Packit Service |
384592 |
SecRule REQUEST_URI "test.txt" "id:500241"
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
match_log => {
|
|
Packit Service |
384592 |
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_response => {
|
|
Packit Service |
384592 |
status => qr/^500$/,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
request => new HTTP::Request(
|
|
Packit Service |
384592 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# SecServerSignature
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
type => "config",
|
|
Packit Service |
384592 |
comment => "SecServerSignature On",
|
|
Packit Service |
384592 |
conf => qq(
|
|
Packit Service |
384592 |
SecServerSignature "NewServerSignature"
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
match_response => {
|
|
Packit Service |
384592 |
status => qr/^200$/,
|
|
Packit Service |
384592 |
raw => qr/^Server: +NewServerSignature$/m,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
request => new HTTP::Request(
|
|
Packit Service |
384592 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# SecDataDir
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
type => "config",
|
|
Packit Service |
384592 |
comment => "SecDataDir",
|
|
Packit Service |
384592 |
conf => qq(
|
|
Packit Service |
384592 |
SecRuleEngine On
|
|
Packit Service |
384592 |
SecDataDir "$ENV{DATA_DIR}"
|
|
Packit Service |
384592 |
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
match_log => {
|
|
Packit Service |
384592 |
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_file => {
|
|
Packit Service |
384592 |
"$ENV{DATA_DIR}/ip.pag" => qr/\x00\x06dummy\x00\x00\x021\x00/,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_response => {
|
|
Packit Service |
384592 |
status => qr/^200$/,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
request => new HTTP::Request(
|
|
Packit Service |
384592 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# SecTmpDir/SecUploadDir/SecUploadKeepFiles
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
type => "config",
|
|
Packit Service |
384592 |
comment => "SecTmpDir/SecUploadDir/SecUploadKeepFiles",
|
|
Packit Service |
384592 |
conf => qq(
|
|
Packit Service |
384592 |
SecRuleEngine On
|
|
Packit Service |
384592 |
SecRequestBodyAccess On
|
|
Packit Service |
384592 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit Service |
384592 |
SecDebugLogLevel 4
|
|
Packit Service |
384592 |
SecTmpDir "$ENV{TEMP_DIR}"
|
|
Packit Service |
384592 |
SecUploadKeepFiles On
|
|
Packit Service |
384592 |
SecUploadDir "$ENV{UPLOAD_DIR}"
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
test => sub {
|
|
Packit Service |
384592 |
# Get the filename and make sure the file exists
|
|
Packit Service |
384592 |
my $fn = match_log(debug => qr/Moved file from .* to ".*"\./, 5);
|
|
Packit Service |
384592 |
die "Failed to determine uploaded filename\n" unless (defined $fn);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
$fn =~ s/Moved file from .* to "(.*)"\..*/$1/;
|
|
Packit Service |
384592 |
die "File does not exist: $fn\n" unless (-e $fn);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# Check the contents of the file
|
|
Packit Service |
384592 |
return 0 if (match_file($fn, qr/^TESTFILE$/m));
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
msg("Failed to match contents of uploaded file: $fn");
|
|
Packit Service |
384592 |
return 1;
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_log => {
|
|
Packit Service |
384592 |
debug => [ qr/Created temporary file.*$ENV{TEMP_DIR}/, 1 ],
|
|
Packit Service |
384592 |
-debug => [ qr/Failed to /, 1 ],
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_response => {
|
|
Packit Service |
384592 |
status => qr/^200$/,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
request => new HTTP::Request(
|
|
Packit Service |
384592 |
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit Service |
384592 |
[
|
|
Packit Service |
384592 |
"Content-Type" => "multipart/form-data; boundary=---------------------------19813181771830765643996187206",
|
|
Packit Service |
384592 |
],
|
|
Packit Service |
384592 |
q(-----------------------------19813181771830765643996187206
|
|
Packit Service |
384592 |
Content-Disposition: form-data; name="upload-file"; filename="test"
|
|
Packit Service |
384592 |
Content-Type: application/octet-stream
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
TESTFILE
|
|
Packit Service |
384592 |
-----------------------------19813181771830765643996187206
|
|
Packit Service |
384592 |
Content-Disposition: form-data; name="file"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
Upload File
|
|
Packit Service |
384592 |
-----------------------------19813181771830765643996187206--),
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
# SecWebAppId
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
type => "config",
|
|
Packit Service |
384592 |
comment => "SecWebAppId",
|
|
Packit Service |
384592 |
conf => qq(
|
|
Packit Service |
384592 |
SecRuleEngine On
|
|
Packit Service |
384592 |
SecRequestBodyAccess On
|
|
Packit Service |
384592 |
SecDebugLog $ENV{DEBUG_LOG}
|
|
Packit Service |
384592 |
SecDebugLogLevel 4
|
|
Packit Service |
384592 |
SecAuditLog "$ENV{AUDIT_LOG}"
|
|
Packit Service |
384592 |
SecAuditEngine RelevantOnly
|
|
Packit Service |
384592 |
SecWebAppId "app-1"
|
|
Packit Service |
384592 |
SecAction "pass,log,auditlog,id:1"
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
match_log => {
|
|
Packit Service |
384592 |
error => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit Service |
384592 |
debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
|
|
Packit Service |
384592 |
audit => [ qr/^WebApp-Info: "app-1"/m, 1 ],
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
match_response => {
|
|
Packit Service |
384592 |
status => qr/^200$/,
|
|
Packit Service |
384592 |
},
|
|
Packit Service |
384592 |
request => new HTTP::Request(
|
|
Packit Service |
384592 |
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
|
|
Packit Service |
384592 |
),
|
|
Packit Service |
384592 |
},
|