1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
### Misc directive tests
### TODO:
# SecTmpDir
# SecUploadKeepFiles
# SecChrootDir
# SecGuardianLog
# SecDefaultAction
{
type => "config",
comment => "SecDefaultAction",
conf => qq(
SecRuleEngine on
SecDefaultAction "phase:1,deny,status:500"
SecRule REQUEST_URI "test.txt" "id:500241"
),
match_log => {
error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],
},
match_response => {
status => qr/^500$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecServerSignature
{
type => "config",
comment => "SecServerSignature On",
conf => qq(
SecServerSignature "NewServerSignature"
),
match_response => {
status => qr/^200$/,
raw => qr/^Server: +NewServerSignature$/m,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecDataDir
{
type => "config",
comment => "SecDataDir",
conf => qq(
SecRuleEngine On
SecDataDir "$ENV{DATA_DIR}"
SecAction initcol:ip=%{REMOTE_ADDR},setvar:ip.dummy=1,pass,id:500085
),
match_log => {
error => [ qr/ModSecurity: Warning. Unconditional match in SecAction\./, 1 ],
},
match_file => {
"$ENV{DATA_DIR}/ip.pag" => qr/\x00\x06dummy\x00\x00\x021\x00/,
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
# SecTmpDir/SecUploadDir/SecUploadKeepFiles
{
type => "config",
comment => "SecTmpDir/SecUploadDir/SecUploadKeepFiles",
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecTmpDir "$ENV{TEMP_DIR}"
SecUploadKeepFiles On
SecUploadDir "$ENV{UPLOAD_DIR}"
),
test => sub {
# Get the filename and make sure the file exists
my $fn = match_log(debug => qr/Moved file from .* to ".*"\./, 5);
die "Failed to determine uploaded filename\n" unless (defined $fn);
$fn =~ s/Moved file from .* to "(.*)"\..*/$1/;
die "File does not exist: $fn\n" unless (-e $fn);
# Check the contents of the file
return 0 if (match_file($fn, qr/^TESTFILE$/m));
msg("Failed to match contents of uploaded file: $fn");
return 1;
},
match_log => {
debug => [ qr/Created temporary file.*$ENV{TEMP_DIR}/, 1 ],
-debug => [ qr/Failed to /, 1 ],
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
[
"Content-Type" => "multipart/form-data; boundary=---------------------------19813181771830765643996187206",
],
q(-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="upload-file"; filename="test"
Content-Type: application/octet-stream
TESTFILE
-----------------------------19813181771830765643996187206
Content-Disposition: form-data; name="file"
Upload File
-----------------------------19813181771830765643996187206--),
),
},
# SecWebAppId
{
type => "config",
comment => "SecWebAppId",
conf => qq(
SecRuleEngine On
SecRequestBodyAccess On
SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 4
SecAuditLog "$ENV{AUDIT_LOG}"
SecAuditEngine RelevantOnly
SecWebAppId "app-1"
SecAction "pass,log,auditlog,id:1"
),
match_log => {
error => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
audit => [ qr/^WebApp-Info: "app-1"/m, 1 ],
},
match_response => {
status => qr/^200$/,
},
request => new HTTP::Request(
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
),
},
|
