Skip to content

Commit e334573

Browse files
SebitoshSebitosh
committed
Target tests 007 & 008 - ARGS_POST & ARGS_POST_NAMES
Signed-off-by: Sebitosh <[email protected]>
1 parent 468481e commit e334573

32 files changed

+1537
-15
lines changed

config_tests/CONF_007_TARGET_ARGS_POST.yaml

+41
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
target: ARGS_POST
2+
rulefile: MRTS_007_ARGS_POST.conf
3+
testfile: MRTS_007_ARGS_POST.yaml
4+
templates:
5+
- SecRule for TARGETS
6+
colkey:
7+
- - ''
8+
- - arg1
9+
- - arg1
10+
- arg2
11+
- - /^arg_.*$/
12+
operator:
13+
- '@contains'
14+
oparg:
15+
- attack
16+
phase:
17+
- 2
18+
- 3
19+
- 4
20+
testdata:
21+
phase_methods:
22+
2: post
23+
3: post
24+
4: post
25+
targets:
26+
- target: ''
27+
test:
28+
data:
29+
foo: attack
30+
- target: arg1
31+
test:
32+
data:
33+
arg1: attack
34+
- target: arg2
35+
test:
36+
data:
37+
arg2: attack
38+
- target: /^arg_.*$/
39+
test:
40+
data:
41+
arg_foo: attack

config_tests/CONF_008_TARGET_ARGS_POST_NAMES.yaml

+41
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
target: ARGS_POST_NAMES
2+
rulefile: MRTS_008_ARGS_POST_NAMES.conf
3+
testfile: MRTS_008_ARGS_POST_NAMES.yaml
4+
templates:
5+
- SecRule for TARGETS
6+
colkey:
7+
- - ''
8+
- - attack1
9+
- - attack1
10+
- attack2
11+
- - /^attack_.*$/
12+
operator:
13+
- '@contains'
14+
oparg:
15+
- attack
16+
phase:
17+
- 2
18+
- 3
19+
- 4
20+
testdata:
21+
phase_methods:
22+
2: post
23+
3: post
24+
4: post
25+
targets:
26+
- target: ''
27+
test:
28+
data:
29+
attack: test
30+
- target: attack1
31+
test:
32+
data:
33+
attack1: test
34+
- target: attack2
35+
test:
36+
data:
37+
attack2: test
38+
- target: /^attack_.*$/
39+
test:
40+
data:
41+
attack_foo: test

generated/rules/MRTS_007_ARGS_POST.conf

+108
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,108 @@
1+
SecRule ARGS_POST "@contains attack" \
2+
"id:100092,\
3+
phase:2,\
4+
deny,\
5+
t:none,\
6+
log,\
7+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
8+
ver:'MRTS/0.1'"
9+
10+
SecRule ARGS_POST "@contains attack" \
11+
"id:100093,\
12+
phase:3,\
13+
deny,\
14+
t:none,\
15+
log,\
16+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
17+
ver:'MRTS/0.1'"
18+
19+
SecRule ARGS_POST "@contains attack" \
20+
"id:100094,\
21+
phase:4,\
22+
deny,\
23+
t:none,\
24+
log,\
25+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
26+
ver:'MRTS/0.1'"
27+
28+
SecRule ARGS_POST:arg1 "@contains attack" \
29+
"id:100095,\
30+
phase:2,\
31+
deny,\
32+
t:none,\
33+
log,\
34+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
35+
ver:'MRTS/0.1'"
36+
37+
SecRule ARGS_POST:arg1 "@contains attack" \
38+
"id:100096,\
39+
phase:3,\
40+
deny,\
41+
t:none,\
42+
log,\
43+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
44+
ver:'MRTS/0.1'"
45+
46+
SecRule ARGS_POST:arg1 "@contains attack" \
47+
"id:100097,\
48+
phase:4,\
49+
deny,\
50+
t:none,\
51+
log,\
52+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
53+
ver:'MRTS/0.1'"
54+
55+
SecRule ARGS_POST:arg1|ARGS_POST:arg2 "@contains attack" \
56+
"id:100098,\
57+
phase:2,\
58+
deny,\
59+
t:none,\
60+
log,\
61+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
62+
ver:'MRTS/0.1'"
63+
64+
SecRule ARGS_POST:arg1|ARGS_POST:arg2 "@contains attack" \
65+
"id:100099,\
66+
phase:3,\
67+
deny,\
68+
t:none,\
69+
log,\
70+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
71+
ver:'MRTS/0.1'"
72+
73+
SecRule ARGS_POST:arg1|ARGS_POST:arg2 "@contains attack" \
74+
"id:100100,\
75+
phase:4,\
76+
deny,\
77+
t:none,\
78+
log,\
79+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
80+
ver:'MRTS/0.1'"
81+
82+
SecRule ARGS_POST:/^arg_.*$/ "@contains attack" \
83+
"id:100101,\
84+
phase:2,\
85+
deny,\
86+
t:none,\
87+
log,\
88+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
89+
ver:'MRTS/0.1'"
90+
91+
SecRule ARGS_POST:/^arg_.*$/ "@contains attack" \
92+
"id:100102,\
93+
phase:3,\
94+
deny,\
95+
t:none,\
96+
log,\
97+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
98+
ver:'MRTS/0.1'"
99+
100+
SecRule ARGS_POST:/^arg_.*$/ "@contains attack" \
101+
"id:100103,\
102+
phase:4,\
103+
deny,\
104+
t:none,\
105+
log,\
106+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
107+
ver:'MRTS/0.1'"
108+

generated/rules/MRTS_008_ARGS_POST_NAMES.conf

+108
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,108 @@
1+
SecRule ARGS_POST_NAMES "@contains attack" \
2+
"id:100104,\
3+
phase:2,\
4+
deny,\
5+
t:none,\
6+
log,\
7+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
8+
ver:'MRTS/0.1'"
9+
10+
SecRule ARGS_POST_NAMES "@contains attack" \
11+
"id:100105,\
12+
phase:3,\
13+
deny,\
14+
t:none,\
15+
log,\
16+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
17+
ver:'MRTS/0.1'"
18+
19+
SecRule ARGS_POST_NAMES "@contains attack" \
20+
"id:100106,\
21+
phase:4,\
22+
deny,\
23+
t:none,\
24+
log,\
25+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
26+
ver:'MRTS/0.1'"
27+
28+
SecRule ARGS_POST_NAMES:attack1 "@contains attack" \
29+
"id:100107,\
30+
phase:2,\
31+
deny,\
32+
t:none,\
33+
log,\
34+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
35+
ver:'MRTS/0.1'"
36+
37+
SecRule ARGS_POST_NAMES:attack1 "@contains attack" \
38+
"id:100108,\
39+
phase:3,\
40+
deny,\
41+
t:none,\
42+
log,\
43+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
44+
ver:'MRTS/0.1'"
45+
46+
SecRule ARGS_POST_NAMES:attack1 "@contains attack" \
47+
"id:100109,\
48+
phase:4,\
49+
deny,\
50+
t:none,\
51+
log,\
52+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
53+
ver:'MRTS/0.1'"
54+
55+
SecRule ARGS_POST_NAMES:attack1|ARGS_POST_NAMES:attack2 "@contains attack" \
56+
"id:100110,\
57+
phase:2,\
58+
deny,\
59+
t:none,\
60+
log,\
61+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
62+
ver:'MRTS/0.1'"
63+
64+
SecRule ARGS_POST_NAMES:attack1|ARGS_POST_NAMES:attack2 "@contains attack" \
65+
"id:100111,\
66+
phase:3,\
67+
deny,\
68+
t:none,\
69+
log,\
70+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
71+
ver:'MRTS/0.1'"
72+
73+
SecRule ARGS_POST_NAMES:attack1|ARGS_POST_NAMES:attack2 "@contains attack" \
74+
"id:100112,\
75+
phase:4,\
76+
deny,\
77+
t:none,\
78+
log,\
79+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
80+
ver:'MRTS/0.1'"
81+
82+
SecRule ARGS_POST_NAMES:/^attack_.*$/ "@contains attack" \
83+
"id:100113,\
84+
phase:2,\
85+
deny,\
86+
t:none,\
87+
log,\
88+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
89+
ver:'MRTS/0.1'"
90+
91+
SecRule ARGS_POST_NAMES:/^attack_.*$/ "@contains attack" \
92+
"id:100114,\
93+
phase:3,\
94+
deny,\
95+
t:none,\
96+
log,\
97+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
98+
ver:'MRTS/0.1'"
99+
100+
SecRule ARGS_POST_NAMES:/^attack_.*$/ "@contains attack" \
101+
"id:100115,\
102+
phase:4,\
103+
deny,\
104+
t:none,\
105+
log,\
106+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
107+
ver:'MRTS/0.1'"
108+

generated/rules/MRTS_110_XML.conf

+3-3
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
SecRule XML:/* "@beginsWith foo" \
2-
"id:100092,\
2+
"id:100116,\
33
phase:2,\
44
deny,\
55
t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
88
ver:'MRTS/0.1'"
99

1010
SecRule XML:/* "@beginsWith foo" \
11-
"id:100093,\
11+
"id:100117,\
1212
phase:3,\
1313
deny,\
1414
t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
1717
ver:'MRTS/0.1'"
1818

1919
SecRule XML:/* "@beginsWith foo" \
20-
"id:100094,\
20+
"id:100118,\
2121
phase:4,\
2222
deny,\
2323
t:none,\

0 commit comments

Comments
 (0)