diff --git a/config_tests/CONF_000_GLOBAL.yaml b/config_tests/CONF_000_GLOBAL.yaml
index 7b57329..03ab3c7 100644
--- a/config_tests/CONF_000_GLOBAL.yaml
+++ b/config_tests/CONF_000_GLOBAL.yaml
@@ -13,6 +13,15 @@ global:
log,\
msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
ver:'${VERSION}$'"
+ - name: "Non-disruptive SecRule for TARGETS"
+ template: |
+ SecRule ${TARGET}$ "${OPERATOR}$ ${OPARG}$" \
+ "id:${CURRID}$,\
+ phase:${PHASE}$,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
+ ver:'${VERSION}$'"
default_tests_phase_methods:
- 1: get
- 2: post
diff --git a/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml b/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml
new file mode 100644
index 0000000..2ae6a07
--- /dev/null
+++ b/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml
@@ -0,0 +1,51 @@
+target: RESPONSE_BODY
+rulefile: MRTS_069_RESPONSE_BODY.conf
+testfile: MRTS_069_RESPONSE_BODY.yaml
+templates:
+ - Non-disruptive SecRule for TARGETS
+colkey:
+ - - ''
+operator:
+ - '@contains'
+oparg:
+ - attack
+phase:
+ - 4
+ - 5
+testdata:
+ phase_methods:
+ 4: post
+ 5: post
+ targets:
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body": "{test:attack}"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
diff --git a/generated/rules/MRTS_069_RESPONSE_BODY.conf b/generated/rules/MRTS_069_RESPONSE_BODY.conf
new file mode 100644
index 0000000..126cc00
--- /dev/null
+++ b/generated/rules/MRTS_069_RESPONSE_BODY.conf
@@ -0,0 +1,16 @@
+SecRule RESPONSE_BODY "@contains attack" \
+ "id:100092,\
+ phase:4,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+ ver:'MRTS/0.1'"
+
+SecRule RESPONSE_BODY "@contains attack" \
+ "id:100093,\
+ phase:5,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\
+ ver:'MRTS/0.1'"
+
diff --git a/generated/rules/MRTS_110_XML.conf b/generated/rules/MRTS_110_XML.conf
index 87fb4ce..861bc25 100644
--- a/generated/rules/MRTS_110_XML.conf
+++ b/generated/rules/MRTS_110_XML.conf
@@ -1,5 +1,5 @@
SecRule XML:/* "@beginsWith foo" \
- "id:100092,\
+ "id:100094,\
phase:2,\
deny,\
t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
ver:'MRTS/0.1'"
SecRule XML:/* "@beginsWith foo" \
- "id:100093,\
+ "id:100095,\
phase:3,\
deny,\
t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
ver:'MRTS/0.1'"
SecRule XML:/* "@beginsWith foo" \
- "id:100094,\
+ "id:100096,\
phase:4,\
deny,\
t:none,\
diff --git a/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100092.yaml b/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100092.yaml
new file mode 100644
index 0000000..870916c
--- /dev/null
+++ b/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100092.yaml
@@ -0,0 +1,100 @@
+---
+meta:
+ author: MRTS generate-rules.py
+ enabled: true
+ name: MRTS_069_RESPONSE_BODY.yaml
+ description: Desc
+tests:
+- test_title: 100092-1
+ ruleid: 100092
+ test_id: 1
+ desc: 'Test case for rule 100092, #1'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100092
+- test_title: 100092-2
+ ruleid: 100092
+ test_id: 2
+ desc: 'Test case for rule 100092, #2'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100092
+- test_title: 100092-3
+ ruleid: 100092
+ test_id: 3
+ desc: 'Test case for rule 100092, #3'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ output:
+ log:
+ expect_ids:
+ - 100092
+- test_title: 100092-4
+ ruleid: 100092
+ test_id: 4
+ desc: 'Test case for rule 100092, #4'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+ "{test:attack}"}'
+ output:
+ log:
+ expect_ids:
+ - 100092
diff --git a/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100093.yaml b/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100093.yaml
new file mode 100644
index 0000000..78a8b7b
--- /dev/null
+++ b/generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100093.yaml
@@ -0,0 +1,100 @@
+---
+meta:
+ author: MRTS generate-rules.py
+ enabled: true
+ name: MRTS_069_RESPONSE_BODY.yaml
+ description: Desc
+tests:
+- test_title: 100093-1
+ ruleid: 100093
+ test_id: 1
+ desc: 'Test case for rule 100093, #1'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100093
+- test_title: 100093-2
+ ruleid: 100093
+ test_id: 2
+ desc: 'Test case for rule 100093, #2'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100093
+- test_title: 100093-3
+ ruleid: 100093
+ test_id: 3
+ desc: 'Test case for rule 100093, #3'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ output:
+ log:
+ expect_ids:
+ - 100093
+- test_title: 100093-4
+ ruleid: 100093
+ test_id: 4
+ desc: 'Test case for rule 100093, #4'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+ "{test:attack}"}'
+ output:
+ log:
+ expect_ids:
+ - 100093
diff --git a/generated/tests/regression/tests/MRTS_110_XML_100092.yaml b/generated/tests/regression/tests/MRTS_110_XML_100095.yaml
similarity index 86%
rename from generated/tests/regression/tests/MRTS_110_XML_100092.yaml
rename to generated/tests/regression/tests/MRTS_110_XML_100095.yaml
index c6892ce..11a1536 100644
--- a/generated/tests/regression/tests/MRTS_110_XML_100092.yaml
+++ b/generated/tests/regression/tests/MRTS_110_XML_100095.yaml
@@ -5,10 +5,10 @@ meta:
name: MRTS_110_XML.yaml
description: Desc
tests:
-- test_title: 100092-1
- ruleid: 100092
+- test_title: 100095-1
+ ruleid: 100095
test_id: 1
- desc: 'Test case for rule 100092, #1'
+ desc: 'Test case for rule 100095, #1'
stages:
- description: Send request
input:
@@ -27,4 +27,4 @@ tests:
output:
log:
expect_ids:
- - 100092
+ - 100095
diff --git a/generated/tests/regression/tests/MRTS_110_XML_100093.yaml b/generated/tests/regression/tests/MRTS_110_XML_100096.yaml
similarity index 86%
rename from generated/tests/regression/tests/MRTS_110_XML_100093.yaml
rename to generated/tests/regression/tests/MRTS_110_XML_100096.yaml
index 3d376d6..e10d75b 100644
--- a/generated/tests/regression/tests/MRTS_110_XML_100093.yaml
+++ b/generated/tests/regression/tests/MRTS_110_XML_100096.yaml
@@ -5,10 +5,10 @@ meta:
name: MRTS_110_XML.yaml
description: Desc
tests:
-- test_title: 100093-1
- ruleid: 100093
+- test_title: 100096-1
+ ruleid: 100096
test_id: 1
- desc: 'Test case for rule 100093, #1'
+ desc: 'Test case for rule 100096, #1'
stages:
- description: Send request
input:
@@ -27,4 +27,4 @@ tests:
output:
log:
expect_ids:
- - 100093
+ - 100096