#vi:filetype=perl # A AJOUTER : # TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE # La même sur des arguments :) use lib 'lib'; use Test::Nginx::Socket; plan tests => repeat_each(2) * blocks(); no_root_location(); no_long_string(); $ENV{TEST_NGINX_SERVROOT} = server_root(); run_tests(); __DATA__ === WL TEST 1.0 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /?b=toto --- error_code: 412 === WL TEST 1.01 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /?b=foobar --- error_code: 200 === WL TEST 1.03 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobar --- error_code: 404 === WL TEST 1.04 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobrar --- error_code: 412 === WL TEST 2.0 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobrar --- error_code: 412 === WL TEST 2.01 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobar --- error_code: 404 === WL TEST 2.02 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /?b=foobar --- error_code: 200 === WL TEST 2.03 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=rfoobar --- error_code: 412 === WL TEST 2.04 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobar --- error_code: 404 === WL TEST 2.05 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobar --- error_code: 404 === WL TEST 2.06 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobara --- error_code: 412 === WL TEST 2.07 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=foobara --- error_code: 412 === WL TEST 2.08 --- main_config load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so; --- http_config include /tmp/naxsi_ut/naxsi_core.rules; MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999; --- config location / { #LearningMode; SecRulesEnabled; DeniedUrl "/RequestDenied"; CheckRule "$SQL >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; root $TEST_NGINX_SERVROOT/html/; index index.html index.htm; } location /RequestDenied { return 412; } --- request GET /a?b=1234 --- error_code: 404