### Misc directive tests
### TODO:
# SecTmpDir
# SecUploadKeepFiles
# SecChrootDir
# SecGuardianLog
# SecDefaultAction
{
type => "config",
comment => "SecDefaultAction",
conf => qq(
SecRuleEngine on
SecDefaultAction "phase:1,deny,status:500"
SecRule REQUEST_URI "test.txt" "id:500241"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
},
match_response => {
status => qr/^500$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecServerSignature
{
type => "config",
comment => "SecServerSignature On",
conf => qq(
SecServerSignature "NewServerSignature"
),
match_response => {
status => qr/^200$/,
raw => qr/^Server: +NewServerSignature$/m,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecDataDir
{
type => "config",
comment => "SecDataDir",
conf => qq(
SecRuleEngine On
SecDataDir "$ENV{DATA_DIR}"
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],
},
match_file => {
"$ENV{DATA_DIR}/ip.pag" => qr/\x00\x06dummy\x00\x00\x021\x00/,
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecTmpDir/SecUploadDir/SecUploadKeepFiles
{
type => "config",
comment => "SecTmpDir/SecUploadDir/SecUploadKeepFiles",
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecTmpDir "$ENV{TEMP_DIR}"
SecUploadKeepFiles On
SecUploadDir "$ENV{UPLOAD_DIR}"
),
test => sub {
# Get the filename and make sure the file exists
my $fn = match_log(debug => qr/Moved file from .* to ".*"\./, 5);
die "Failed to determine uploaded filename\n" unless (defined $fn);
$fn =~ s/Moved file from .* to "(.*)"\..*/$1/;
die "File does not exist: $fn\n" unless (-e $fn);
# Check the contents of the file
return 0 if (match_file($fn, qr/^TESTFILE$/m));
msg("Failed to match contents of uploaded file: $fn");
return 1;
},
match_log => {
debug => [ qr/Created temporary file.*$ENV{TEMP_DIR}/, 1 ],
-debug => [ qr/Failed to /, 1 ],
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "multipart/form-data; boundary=---------------------------19813181771830765643996187206",
],
q(-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="upload-file"; filename="test"
Content-Type: application/octet-stream
TESTFILE
-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="file"
Upload File
-----------------------------19813181771830765643996187206--),
),
},
# SecWebAppId
{
type => "config",
comment => "SecWebAppId",
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecAuditLog "$ENV{AUDIT_LOG}"
SecAuditEngine RelevantOnly
SecWebAppId "app-1"
SecAction "pass,log,auditlog,id:1"
),
match_log => {
error => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
audit => [ qr/^WebApp-Info: "app-1"/m, 1 ],
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},