From 6a0378ee7cf0c53df719a1895717c5fa5278a660 Mon Sep 17 00:00:00 2001
From: bui
Date: Tue, 14 Feb 2017 10:10:59 +0100
Subject: [PATCH] improve coverage on conflicting targets
---
 t/25extra-coverage.t | 152 +++++++++++++++++++++++++++++++++++++++++++
 t/29regression.t | 59 +++++++++++++++++
 2 files changed, 211 insertions(+)
diff --git a/t/25extra-coverage.t b/t/25extra-coverage.t
index d21b9ba2..c5a4ed4c 100644
--- a/t/25extra-coverage.t
+++ b/t/25extra-coverage.t
@@ -210,6 +210,158 @@ location /RequestDenied {
 --- request
 GET /ratata?x=tututu
 --- error_code: 412
+=== TEST 1.5.0: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+ SecRulesEnabled;
+# BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST >= 8" ALLOW;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /ratata?x=tututu
+--- error_code: 412
+=== TEST 1.5.1: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu|$URL_X:^/fufu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+ SecRulesEnabled;
+# BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST >= 8" ALLOW;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /fufu?x=tututu
+--- error_code: 412
+=== TEST 1.5.2: HEADER_VAR_X
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:$HEADERS_VAR_X:ruuu|$URL_X:^/fufu" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+ SecRulesEnabled;
+# BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST >= 8" ALLOW;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- more_headers
+ruuu: ratata1
+--- request
+GET /fuf?x=tututu
+--- error_code: 404
+=== TEST 1.6.0: URL + URL wl
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+ SecRulesEnabled;
+ BasicRule wl:4241 "mz:URL";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST >= 8" ALLOW;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- request
+GET /ratata
+--- error_code: 404
+=== TEST 1.6.1: URL + URL wl
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+MainRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+set $naxsi_extensive_log 1;
+set $naxsi_flag_post_acton 1;
+location / {
+ SecRulesEnabled;
+ BasicRule wl:4241 "mz:BODY";
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TEST >= 8" ALLOW;
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+ # return 412;
+}
+--- request
+GET /ratata
+--- error_code: 412
+
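Review bot: `set $naxsi_flag_post_acton 1;` in the `--- config` of TEST 1.5.0, and repeated in 1.5.1, 1.5.2, 1.6.0 and 1.6.1, looks like a misspelling of the naxsi runtime flag (presumably `naxsi_flag_post_action` was meant); as written it would only define an unrelated nginx variable, so none of these blocks exercises the post-action path they appear to enable. The three 1.5.x blocks also share the identical title `HEADER_VAR_X`, which hides what each one covers; naming them by case, e.g. `=== TEST 1.5.1: HEADER_VAR_X|URL_X both match` and `=== TEST 1.5.2: HEADER_VAR_X|URL_X, URL no match`, makes a failure readable from the TAP output. The `# BasicRule id:4241 "str:ratata" "mz:URL" "s:BLOCK";` and `# return 412;` lines carried over from the copied template add nothing and could be dropped. Finally, 1.5.0 only shows that the header rule blocks when `ruuu` carries the pattern; a sibling block sending the same `GET /ratata?x=tututu` without `--- more_headers` and expecting 404 would confirm the rule keys on the header rather than on the URL.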
diff --git a/t/29regression.t b/t/29regression.t
index 087231b3..b49ddc68 100644
--- a/t/29regression.t
+++ b/t/29regression.t
@@ -149,4 +149,63 @@ location /RequestDenied {
 --- request
 GET /qquoteadv?id=iyxnlnjrf1
 --- error_code: 412
+=== WL TEST 2.0: log + drop
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
+MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
+MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
+MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
+--- config
+location / {
+ SecRulesEnabled;
+ CheckRule "$LOG_TEST >= 1" LOG;
+ CheckRule "$UWA >= 8" DROP;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 4" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /wp-json/wp/v2/posts/111
+id=1a&foo2=bar2"
+--- error_code: 412
+=== WL TEST 2.01: log + block
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule negative "rx:^[\d_-]+$" "mz:$ARGS_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000530;
+MainRule negative "rx:^[\d_-]+$" "mz:$BODY_VAR:id" "s:$LOG_TEST:1" "msg:wordpress < 4.7.2 wp-json" id:42000529;
+MainRule negative "rx:^\d+$" "mz:$ARGS_VAR_X:^id$|$URL_X:/wp-json/wp/v2/" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000531;
+MainRule negative "rx:^\d+$" "mz:$URL_X:/wp-json/wp/v2/|$BODY_VAR_X:^id$" "s:$UWA:8" "msg:wordpress < 4.7.2 wp-json" id:42000532;
+--- config
+location / {
+ SecRulesEnabled;
+ CheckRule "$LOG_TEST >= 1" LOG;
+ CheckRule "$UWA >= 8" BLOCK;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 4" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+}
+location /RequestDenied {
+ return 412;
+}
+--- more_headers
+Content-Type: application/x-www-form-urlencoded
+--- request eval
+use URI::Escape;
+"POST /wp-json/wp/v2/posts/111
+id=1a&foo2=bar2"
+--- error_code: 412