Initial Commit
This commit is contained in:
root
211
naxsi-0.55.3/t/29regression.t
vendored
Normal file
211
naxsi-0.55.3/t/29regression.t
vendored
Normal file
@@ -0,0 +1,211 @@
|
||||
#vi:filetype=perl
|
||||
|
||||
|
||||
# A AJOUTER :
|
||||
# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
|
||||
# La même sur des arguments :)
|
||||
|
||||
use lib 'lib';
|
||||
use Test::Nginx::Socket;
|
||||
|
||||
plan tests => repeat_each(2) * blocks();
|
||||
no_root_location();
|
||||
no_long_string();
|
||||
$ENV{TEST_NGINX_SERVROOT} = server_root();
|
||||
run_tests();
|
||||
__DATA__
|
||||
=== WL TEST 1.0: [ARGS zone WhiteList] Adding a test rule in http_config (ARGS zone) and disable rule.
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /?driveOnDate=2016-11-29
|
||||
--- error_code: 200
|
||||
|
||||
=== WL TEST 1.1: testing multiple alternate matching/non-matching rules
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule "rx:zz" "mz:$URL_X:/foo/|$ARGS_VAR_X:^id$" "s:DROP" id:4242001;
|
||||
MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242002;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /wp-json/wp/v2/?id=a
|
||||
--- error_code: 412
|
||||
|
||||
=== WL TEST 1.2: testing multiple alternate matching/non-matching rules
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule "rx:zz" "mz:$URL_X:/foo/|$ARGS_VAR_X:^id$" "s:DROP" id:4242001;
|
||||
MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242002;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /wp-json/wp/v2?id=a
|
||||
--- error_code: 404
|
||||
|
||||
=== WL TEST 1.3: testing multiple alternate matching/non-matching rules
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule "rx:zz" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242001;
|
||||
MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242002;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /wp-json/wp/v2?id=11
|
||||
--- error_code: 404
|
||||
|
||||
=== WL TEST 1.4: testing multiple alternate matching/non-matching rules
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule "rx:zz" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242001;
|
||||
MainRule "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242002;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /wp-json/wp/v2/?id=zz
|
||||
--- error_code: 412
|
||||
|
||||
=== WL TEST 1.5: testing multiple alternate matching/non-matching rules
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule "rx:zz" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242001;
|
||||
MainRule "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$ARGS_VAR_X:^id$" "s:DROP" id:4242002;
|
||||
MainRule "str:iyxnlnjrf" "mz:$URL_X:^(/index.php)?/qquoteadv|ARGS|BODY" "s:DROP" "msg:base64_" id:42000526;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- request
|
||||
GET /qquoteadv?id=iyxnlnjrf1
|
||||
--- error_code: 412
|
||||
=== WL TEST 2.0: log + drop
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
|
||||
MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
|
||||
MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
|
||||
MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
CheckRule "$LOG_TEST >= 1" LOG;
|
||||
CheckRule "$UWA >= 8" DROP;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- more_headers
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
--- request eval
|
||||
use URI::Escape;
|
||||
"POST /wp-json/wp/v2/posts/111
|
||||
id=1a&foo2=bar2"
|
||||
--- error_code: 412
|
||||
=== WL TEST 2.01: log + block
|
||||
--- main_config
|
||||
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
|
||||
|
||||
--- http_config
|
||||
include /tmp/naxsi_ut/naxsi_core.rules;
|
||||
MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
|
||||
MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
|
||||
MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
|
||||
MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
|
||||
--- config
|
||||
location / {
|
||||
SecRulesEnabled;
|
||||
CheckRule "$LOG_TEST >= 1" LOG;
|
||||
CheckRule "$UWA >= 8" BLOCK;
|
||||
DeniedUrl "/RequestDenied";
|
||||
CheckRule "$SQL >= 4" BLOCK;
|
||||
root $TEST_NGINX_SERVROOT/html/;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /RequestDenied {
|
||||
return 412;
|
||||
}
|
||||
--- more_headers
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
--- request eval
|
||||
use URI::Escape;
|
||||
"POST /wp-json/wp/v2/posts/111
|
||||
id=1a&foo2=bar2"
|
||||
--- error_code: 412
|
||||
Reference in New Issue
Block a user