fthielen/nginx-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
156dc3305f3b493d1dd27a65adcba7fadfc90a17
nginx-custom/naxsi-0.55.3/t/24rawbody.t
root 1fe2e8ab62 Initial Commit
2017-02-25 23:55:24 +01:00

394 lines
10 KiB
Perl
Vendored
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#vi:filetype=perl
use lib 'lib';
use Test::Nginx::Socket;
plan tests => repeat_each(2) * blocks();
no_root_location();
no_long_string();
$ENV{TEST_NGINX_SERVROOT} = server_root();
run_tests();
__DATA__
=== TEST0 - Simple id:11 block
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/yolo|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 412
=== TEST1 - Simple id:11 allow
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 200
=== TEST2 - Simple id:11 allow + simple drop rule
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule "id:4241" "s:DROP" "str:RANDOMTHINGS" "mz:RAW_BODY";
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 412
=== TEST3 - Simple id:11 allow + simple drop rule + WL raw_body rule
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 200
=== TEST4 - Simple id:11 allow + simple drop rule + fail WL raw_body rule
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/rata|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 412
=== TEST5 - Simple id:11 allow + simple drop rule + null-bytes in body
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/rata|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
%00RANDBBOMTHINGS%00
"
--- error_code: 200
=== TEST6 - Simple id:11 allow + simple drop rule + null-bytes in body
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
%00XXRANDBBRANDOMTHINGS%00
"
--- error_code: 412
=== TEST7 - Testing raw bytes match
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
#body was like perl -e 'print "\x02\x02\x00\x00\x02"x42 . "\x01\x02\x03\x04"'
MainRule id:4241 s:DROP "rx:\x01\x02\x03\x04" mz:RAW_BODY;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
error_page 400 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request
POST /

--- error_code: 412
=== TEST8 - Simple id:11 allow + simple drop rule + fail WL raw_body rule (local rule)
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/rata|BODY";
BasicRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 412
=== TEST8.1 - Simple id:11 allow + simple drop rule + fail WL raw_body rule (local rule)
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/|BODY";
BasicRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
RANDOMTHINGS
"
--- error_code: 200
=== TEST8.2 - Simple id:11 allow + empty body
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11,16 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:$URL:/|BODY";
BasicRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
"
--- error_code: 200
=== TEST8.3 - Simple id:11 allow + empty body
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
BasicRule wl:11,16 "mz:$URL:/|BODY";
BasicRule wl:4241 "mz:BODY";
BasicRule id:4241 s:DROP str:RANDOMTHINGS mz:RAW_BODY;
}
location /RequestDenied {
return 412;
}
--- more_headers
Content-Type: RAFARAFA
--- request eval
use URI::Escape;
"POST /
"
--- error_code: 200
Reference in New Issue View Git Blame Copy Permalink