Test: target RESPONSE_BODY - 069

config_tests/CONF_000_GLOBAL.yaml

@@ -13,6 +13,15 @@ global:
           log,\
           msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
           ver:'${VERSION}$'"
+  - name: "Non-disruptive SecRule for TARGETS"
+    template: |
+      SecRule ${TARGET}$ "${OPERATOR}$ ${OPARG}$" \
+          "id:${CURRID}$,\
+          phase:${PHASE}$,\
+          t:none,\
+          log,\
+          msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
+          ver:'${VERSION}$'"
   default_tests_phase_methods:
   - 1: get
   - 2: post

config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml

@@ -0,0 +1,51 @@
+target: RESPONSE_BODY
+rulefile: MRTS_069_RESPONSE_BODY.conf
+testfile: MRTS_069_RESPONSE_BODY.yaml
+templates:
+  - Non-disruptive SecRule for TARGETS
+colkey:
+  - - ''
+operator:
+  - '@contains'
+oparg:
+  - attack
+phase:
+  - 4
+  - 5
+testdata:
+  phase_methods:
+    4: post
+    5: post
+  targets:
+    - target: ''
+      test:
+        data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+        input:
+          headers:
+            - name: Content-Type
+              value: application/json
+          uri: '/reflect'
+    - target: ''
+      test:
+        data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "<html>attack</html>"}'
+        input:
+          headers:
+            - name: Content-Type
+              value: application/json
+          uri: '/reflect'
+    - target: ''
+      test:
+        data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "<level1><level2>attack</level2><level2>foo</level2></level1>"}'
+        input:
+          headers:
+            - name: Content-Type
+              value: application/json
+          uri: '/reflect'
+    - target: ''
+      test:
+        data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body": "{test:attack}"}'
+        input:
+          headers:
+            - name: Content-Type
+              value: application/json
+          uri: '/reflect'

generated/rules/MRTS_069_RESPONSE_BODY.conf

@@ -0,0 +1,16 @@
+SecRule RESPONSE_BODY "@contains attack" \
+    "id:100092,\
+    phase:4,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule RESPONSE_BODY "@contains attack" \
+    "id:100093,\
+    phase:5,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\
+    ver:'MRTS/0.1'"
+

generated/rules/MRTS_110_XML.conf

@@ -1,5 +1,5 @@
 SecRule XML:/* "@beginsWith foo" \
-    "id:100092,\
+    "id:100094,\
     phase:2,\
     deny,\
     t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100093,\
+    "id:100095,\
     phase:3,\
     deny,\
     t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100094,\
+    "id:100096,\
     phase:4,\
     deny,\
     t:none,\

generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100092.yaml

@@ -0,0 +1,100 @@
+---
+meta:
+  author: MRTS generate-rules.py
+  enabled: true
+  name: MRTS_069_RESPONSE_BODY.yaml
+  description: Desc
+tests:
+- test_title: 100092-1
+  ruleid: 100092
+  test_id: 1
+  desc: 'Test case for rule 100092, #1'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+    output:
+      log:
+        expect_ids:
+        - 100092
+- test_title: 100092-2
+  ruleid: 100092
+  test_id: 2
+  desc: 'Test case for rule 100092, #2'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "<html>attack</html>"}'
+    output:
+      log:
+        expect_ids:
+        - 100092
+- test_title: 100092-3
+  ruleid: 100092
+  test_id: 3
+  desc: 'Test case for rule 100092, #3'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "<level1><level2>attack</level2><level2>foo</level2></level1>"}'
+    output:
+      log:
+        expect_ids:
+        - 100092
+- test_title: 100092-4
+  ruleid: 100092
+  test_id: 4
+  desc: 'Test case for rule 100092, #4'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+        "{test:attack}"}'
+    output:
+      log:
+        expect_ids:
+        - 100092

generated/tests/regression/tests/MRTS_069_RESPONSE_BODY_100093.yaml

@@ -0,0 +1,100 @@
+---
+meta:
+  author: MRTS generate-rules.py
+  enabled: true
+  name: MRTS_069_RESPONSE_BODY.yaml
+  description: Desc
+tests:
+- test_title: 100093-1
+  ruleid: 100093
+  test_id: 1
+  desc: 'Test case for rule 100093, #1'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+    output:
+      log:
+        expect_ids:
+        - 100093
+- test_title: 100093-2
+  ruleid: 100093
+  test_id: 2
+  desc: 'Test case for rule 100093, #2'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "<html>attack</html>"}'
+    output:
+      log:
+        expect_ids:
+        - 100093
+- test_title: 100093-3
+  ruleid: 100093
+  test_id: 3
+  desc: 'Test case for rule 100093, #3'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "<level1><level2>attack</level2><level2>foo</level2></level1>"}'
+    output:
+      log:
+        expect_ids:
+        - 100093
+- test_title: 100093-4
+  ruleid: 100093
+  test_id: 4
+  desc: 'Test case for rule 100093, #4'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: POST
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Content-Type: application/json
+      uri: /reflect
+      version: HTTP/1.1
+      data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+        "{test:attack}"}'
+    output:
+      log:
+        expect_ids:
+        - 100093

generated/tests/regression/tests/MRTS_110_XML_100092.yaml → generated/tests/regression/tests/MRTS_110_XML_100095.yaml

@@ -5,10 +5,10 @@ meta:
   name: MRTS_110_XML.yaml
   description: Desc
 tests:
-- test_title: 100092-1
-  ruleid: 100092
+- test_title: 100095-1
+  ruleid: 100095
   test_id: 1
-  desc: 'Test case for rule 100092, #1'
+  desc: 'Test case for rule 100095, #1'
   stages:
   - description: Send request
     input:
@@ -27,4 +27,4 @@ tests:
     output:
       log:
         expect_ids:
-        - 100092
+        - 100095

generated/tests/regression/tests/MRTS_110_XML_100093.yaml → generated/tests/regression/tests/MRTS_110_XML_100096.yaml

@@ -5,10 +5,10 @@ meta:
   name: MRTS_110_XML.yaml
   description: Desc
 tests:
-- test_title: 100093-1
-  ruleid: 100093
+- test_title: 100096-1
+  ruleid: 100096
   test_id: 1
-  desc: 'Test case for rule 100093, #1'
+  desc: 'Test case for rule 100096, #1'
   stages:
   - description: Send request
     input:
@@ -27,4 +27,4 @@ tests:
     output:
       log:
         expect_ids:
-        - 100093
+        - 100096