improve coverage on conflicting targets

nbs-system · Feb 14, 2017 · 6a0378e · 6a0378e
1 parent 8452e7a
commit 6a0378e
Show file tree

Hide file tree

Showing 2 changed files with 211 additions and 0 deletions.
diff --git a/t/25extra-coverage.t b/t/25extra-coverage.t
@@ -210,6 +210,158 @@ location /RequestDenied {
 --- request
 GET /ratata?x=tututu
 --- error_code: 412
+=== TEST 1.5.0: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+	 SecRulesEnabled;
+#	 BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+	 DeniedUrl "/RequestDenied";
+	 CheckRule "$SQL >= 8" BLOCK;
+	 CheckRule "$RFI >= 8" BLOCK;
+	 CheckRule "$TRAVERSAL >= 4" BLOCK;
+	 CheckRule "$XSS >= 8" BLOCK;
+	 CheckRule "$TEST >= 8" ALLOW;
+
+  	 root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+	 return 412;
+	# return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /ratata?x=tututu
+--- error_code: 412
+=== TEST 1.5.1: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu|$URL_X:^/fufu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+	 SecRulesEnabled;
+#	 BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+	 DeniedUrl "/RequestDenied";
+	 CheckRule "$SQL >= 8" BLOCK;
+	 CheckRule "$RFI >= 8" BLOCK;
+	 CheckRule "$TRAVERSAL >= 4" BLOCK;
+	 CheckRule "$XSS >= 8" BLOCK;
+	 CheckRule "$TEST >= 8" ALLOW;
+
+  	 root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+	 return 412;
+	# return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /fufu?x=tututu
+--- error_code: 412
+=== TEST 1.5.2: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu|$URL_X:^/fufu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+	 SecRulesEnabled;
+#	 BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+	 DeniedUrl "/RequestDenied";
+	 CheckRule "$SQL >= 8" BLOCK;
+	 CheckRule "$RFI >= 8" BLOCK;
+	 CheckRule "$TRAVERSAL >= 4" BLOCK;
+	 CheckRule "$XSS >= 8" BLOCK;
+	 CheckRule "$TEST >= 8" ALLOW;
+
+  	 root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+	 return 412;
+	# return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /fuf?x=tututu
+--- error_code: 404
+=== TEST 1.6.0: URL + URL wl
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+	 SecRulesEnabled;
+	 BasicRule wl:4241 "mz:URL";
+	 DeniedUrl "/RequestDenied";
+	 CheckRule "$SQL >= 8" BLOCK;
+	 CheckRule "$RFI >= 8" BLOCK;
+	 CheckRule "$TRAVERSAL >= 4" BLOCK;
+	 CheckRule "$XSS >= 8" BLOCK;
+	 CheckRule "$TEST >= 8" ALLOW;
+
+  	 root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+	 return 412;
+	# return 412;
+}
+--- request
+GET /ratata
+--- error_code: 404
+=== TEST 1.6.1: URL + URL wl
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+	 SecRulesEnabled;
+	 BasicRule wl:4241 "mz:BODY";
+	 DeniedUrl "/RequestDenied";
+	 CheckRule "$SQL >= 8" BLOCK;
+	 CheckRule "$RFI >= 8" BLOCK;
+	 CheckRule "$TRAVERSAL >= 4" BLOCK;
+	 CheckRule "$XSS >= 8" BLOCK;
+	 CheckRule "$TEST >= 8" ALLOW;
+
+  	 root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+	 return 412;
+	# return 412;
+}
+--- request
+GET /ratata
+--- error_code: 412
+
 
 
 

diff --git a/t/29regression.t b/t/29regression.t
@@ -149,4 +149,63 @@ location /RequestDenied {
 --- request
 GET /qquoteadv?id=iyxnlnjrf1
 --- error_code: 412
+=== WL TEST 2.0: log + drop
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
 
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
+MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
+MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
+MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
+--- config
+location / {
+         SecRulesEnabled;
+	 CheckRule "$LOG_TEST >= 1" LOG;
+	 CheckRule "$UWA >= 8" DROP;
+         DeniedUrl "/RequestDenied";
+         CheckRule "$SQL >= 4" BLOCK;
+         root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+         return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /wp-json/wp/v2/posts/111
+id=1a&foo2=bar2"
+--- error_code: 412
+=== WL TEST 2.01: log + block
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
+MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
+MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
+MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
+--- config
+location / {
+         SecRulesEnabled;
+	 CheckRule "$LOG_TEST >= 1" LOG;
+	 CheckRule "$UWA >= 8" BLOCK;
+         DeniedUrl "/RequestDenied";
+         CheckRule "$SQL >= 4" BLOCK;
+         root $TEST_NGINX_SERVROOT/html/;
+         index index.html index.htm;
+}
+location /RequestDenied {
+         return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /wp-json/wp/v2/posts/111
+id=1a&foo2=bar2"
+--- error_code: 412