1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "title":"Testing XML request body parser - validateDTD (validate ok)", 6 "expected":{ 7 "debug_log": "XML: Successfully validated payload against DTD: test-cases/data/SoapEnvelope.dtd" 8 }, 9 "client":{ 10 "ip":"200.249.12.31", 11 "port":123 12 }, 13 "request":{ 14 "headers":{ 15 "Host":"localhost", 16 "User-Agent":"curl/7.38.0", 17 "Accept":"*/*", 18 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 19 "Content-Type": "text/xml" 20 }, 21 "uri":"/?key=value&key=other_value", 22 "method":"POST", 23 "body": [ 24 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 25 " <!DOCTYPE Envelope SYSTEM \"SoapEnvelope.dtd\">", 26 " <Envelope>", 27 " <Body>", 28 " <getInput>", 29 " <id type=\"string\">12123</id>", 30 " </getInput>", 31 " </Body>", 32 " </Envelope>" 33 ] 34 }, 35 "server":{ 36 "ip":"200.249.12.31", 37 "port":80 38 }, 39 "rules":[ 40 "SecRuleEngine On", 41 "SecRequestBodyAccess On", 42 "SecXMLExternalEntity On", 43 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 44 "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope.dtd\" \"id:500007,phase:3,deny\"" 45 ] 46 }, 47 { 48 "enabled":1, 49 "version_min":300000, 50 "title":"Testing XML request body parser - validateDTD (validation failed)", 51 "expected":{ 52 "debug_log": "XML Error: No declaration for element xBody", 53 "http_code": 403 54 }, 55 "client":{ 56 "ip":"200.249.12.31", 57 "port":123 58 }, 59 "request":{ 60 "headers":{ 61 "Host":"localhost", 62 "User-Agent":"curl/7.38.0", 63 "Accept":"*/*", 64 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 65 "Content-Type": "text/xml" 66 }, 67 "uri":"/?key=value&key=other_value", 68 "method":"POST", 69 "body": [ 70 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 71 " <!DOCTYPE Envelope SYSTEM \"SoapEnvelope.dtd\">", 72 " <Envelope>", 73 " <xBody>", 74 " <getInput>", 75 " <id type=\"string\">12123</id>", 76 " </getInput>", 77 " </xBody>", 78 " </Envelope>" 79 ] 80 }, 81 "server":{ 82 "ip":"200.249.12.31", 83 "port":80 84 }, 85 "rules":[ 86 "SecRuleEngine On", 87 "SecRequestBodyAccess On", 88 "SecXMLExternalEntity On", 89 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 90 "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope.dtd\" \"id:500007,phase:3,deny\"" 91 ] 92 }, 93 { 94 "enabled":1, 95 "version_min":300000, 96 "title":"Testing XML request body parser - validateDTD (bad XML)", 97 "expected":{ 98 "debug_log": "XML: DTD validation failed because content is not well formed", 99 "http_code": 403 100 }, 101 "client":{ 102 "ip":"200.249.12.31", 103 "port":123 104 }, 105 "request":{ 106 "headers":{ 107 "Host":"localhost", 108 "User-Agent":"curl/7.38.0", 109 "Accept":"*/*", 110 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 111 "Content-Type": "text/xml" 112 }, 113 "uri":"/?key=value&key=other_value", 114 "method":"POST", 115 "body": [ 116 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 117 "<!DOCTYPE Envelope SYSTEM \"SoapEnvelope.dtd\">", 118 " <Envelop>", 119 " <Body>", 120 " <getInput>", 121 " <id type=\"string\">12123</id>", 122 " </getInput>", 123 " </Body>", 124 " </Envelope>" 125 ] 126 }, 127 "server":{ 128 "ip":"200.249.12.31", 129 "port":80 130 }, 131 "rules":[ 132 "SecRuleEngine On", 133 "SecRequestBodyAccess On", 134 "SecXMLExternalEntity On", 135 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 136 "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope.dtd\" \"id:500007,phase:3,deny\"" 137 ] 138 }, 139 { 140 "enabled":1, 141 "version_min":300000, 142 "title":"Testing XML request body parser - validateDTD (bad DTD)", 143 "expected":{ 144 "debug_log": "Failed to load DTD: test-cases/data/SoapEnvelope-bad.dtd", 145 "http_code": 403 146 }, 147 "client":{ 148 "ip":"200.249.12.31", 149 "port":123 150 }, 151 "request":{ 152 "headers":{ 153 "Host":"localhost", 154 "User-Agent":"curl/7.38.0", 155 "Accept":"*/*", 156 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 157 "Content-Type": "text/xml" 158 }, 159 "uri":"/?key=value&key=other_value", 160 "method":"POST", 161 "body": [ 162 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 163 " <!DOCTYPE Envelope SYSTEM \"SoapEnvelope.dtd\">", 164 " <Envelope>", 165 " <Body>", 166 " <getInput>", 167 " <id type=\"string\">12123</id>", 168 " </getInput>", 169 " </Body>", 170 " </Envelope>" 171 ] 172 }, 173 "server":{ 174 "ip":"200.249.12.31", 175 "port":80 176 }, 177 "rules":[ 178 "SecRuleEngine On", 179 "SecRequestBodyAccess On", 180 "SecXMLExternalEntity On", 181 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 182 "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope-bad.dtd\" \"id:500007,phase:3,deny\"" 183 ] 184 } 185] 186 187