source-git / mod_security

Clone
Source Code
GIT

Files

  1.   384592efa1429cbfb4d7f37e97830055f99c6751
  2.   tests
  3.   regression
  4.   config
  5.   10-misc-directives.t
Blob Blame History Raw 
### Misc directive tests

### TODO:
# SecTmpDir
# SecUploadKeepFiles
# SecChrootDir
# SecGuardianLog

# SecDefaultAction
{
	type => "config",
	comment => "SecDefaultAction",
	conf => qq(
		SecRuleEngine on
		SecDefaultAction "phase:1,deny,status:500"
		SecRule REQUEST_URI "test.txt" "id:500241"
	),
	match_log => {
		error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
	},
	match_response => {
		status => qr/^500$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# SecServerSignature
{
	type => "config",
	comment => "SecServerSignature On",
	conf => qq(
		SecServerSignature "NewServerSignature"
	),
	match_response => {
		status => qr/^200$/,
		raw => qr/^Server: +NewServerSignature$/m,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# SecDataDir
{
	type => "config",
	comment => "SecDataDir",
	conf => qq(
		SecRuleEngine On
		SecDataDir "$ENV{DATA_DIR}"
		SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085
	),
	match_log => {
		error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],
	},
	match_file => {
		"$ENV{DATA_DIR}/ip.pag" => qr/\x00\x06dummy\x00\x00\x021\x00/,
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

# SecTmpDir/SecUploadDir/SecUploadKeepFiles
{
	type => "config",
	comment => "SecTmpDir/SecUploadDir/SecUploadKeepFiles",
	conf => qq(
		SecRuleEngine On
		SecRequestBodyAccess On
		SecDebugLog $ENV{DEBUG_LOG}
		SecDebugLogLevel 4
		SecTmpDir "$ENV{TEMP_DIR}"
		SecUploadKeepFiles On
		SecUploadDir "$ENV{UPLOAD_DIR}"
	),
	test => sub {
		# Get the filename and make sure the file exists
		my $fn = match_log(debug => qr/Moved file from .* to ".*"\./, 5);
		die "Failed to determine uploaded filename\n" unless (defined $fn);

		$fn =~ s/Moved file from .* to "(.*)"\..*/$1/;
		die "File does not exist: $fn\n" unless (-e $fn);

		# Check the contents of the file
		return 0 if (match_file($fn, qr/^TESTFILE$/m));
		
		msg("Failed to match contents of uploaded file: $fn");
		return 1;
	},
	match_log => {
		debug => [ qr/Created temporary file.*$ENV{TEMP_DIR}/, 1 ],
		-debug => [ qr/Failed to /, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
		[
			"Content-Type" => "multipart/form-data; boundary=---------------------------19813181771830765643996187206",
		],
		q(-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="upload-file"; filename="test"
Content-Type: application/octet-stream

TESTFILE
-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="file"

Upload File
-----------------------------19813181771830765643996187206--),
	),
},

# SecWebAppId
{
	type => "config",
	comment => "SecWebAppId",
	conf => qq(
		SecRuleEngine On
		SecRequestBodyAccess On
		SecDebugLog $ENV{DEBUG_LOG}
		SecDebugLogLevel 4
		SecAuditLog "$ENV{AUDIT_LOG}"
		SecAuditEngine RelevantOnly
		SecWebAppId "app-1"
		SecAction "pass,log,auditlog,id:1"
	),
	match_log => {
		error => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
		debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
		audit => [ qr/^WebApp-Info: "app-1"/m, 1 ],
	},
	match_response => {
		status => qr/^200$/,
	},
	request => new HTTP::Request(
		GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
	),
},

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation