1[ 2 { 3 "enabled":1, 4 "version_min":300000, 5 "title":"Testing XML request body parser (validate ok)", 6 "expected":{ 7 "debug_log": "XML: Successfully validated payload against Schema:" 8 }, 9 "client":{ 10 "ip":"200.249.12.31", 11 "port":123 12 }, 13 "request":{ 14 "headers":{ 15 "Host":"localhost", 16 "User-Agent":"curl/7.38.0", 17 "Accept":"*/*", 18 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 19 "Content-Type": "text/xml" 20 }, 21 "uri":"/?key=value&key=other_value", 22 "method":"POST", 23 "body": [ 24 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 25 " <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"", 26 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\"", 27 " xmlns:tns=\"http://www.bluebank.example.com/axis/getBalance.jws\"", 28 " xmlns:types=\"http://www.bluebank.example.com/axis/getBalance.jws/encodedTypes\"", 29 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"", 30 " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">", 31 " <soap:Body soap:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">", 32 " <q1:getInput xmlns:q1=\"http://DefaultNamespace\">", 33 " <id xsi:type=\"xsd:string\">12123</id>", 34 " </q1:getInput>", 35 " </soap:Body>", 36 "</soap:Envelope>" 37 ] 38 }, 39 "server":{ 40 "ip":"200.249.12.31", 41 "port":80 42 }, 43 "rules":[ 44 "SecRuleEngine On", 45 "SecRequestBodyAccess On", 46 "SecXMLExternalEntity On", 47 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 48 "SecRule XML \"@validateSchema test-cases/data/SoapEnvelope.xsd\" \"id:500007,phase:3,deny\"" 49 ] 50 }, 51 { 52 "enabled":1, 53 "version_min":300000, 54 "title":"Testing XML request body parser (validate attribute value failed)", 55 "expected":{ 56 "debug_log": "'badval' is not a valid value of the local atomic type", 57 "http_code": 403 58 }, 59 "client":{ 60 "ip":"200.249.12.31", 61 "port":123 62 }, 63 "request":{ 64 "headers":{ 65 "Host":"localhost", 66 "User-Agent":"curl/7.38.0", 67 "Accept":"*/*", 68 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 69 "Content-Type": "text/xml" 70 }, 71 "uri":"/?key=value&key=other_value", 72 "method":"POST", 73 "body": [ 74 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 75 " <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"", 76 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\"", 77 " xmlns:tns=\"http://www.bluebank.example.com/axis/getBalance.jws\"", 78 " xmlns:types=\"http://www.bluebank.example.com/axis/getBalance.jws/encodedTypes\"", 79 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"", 80 " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">", 81 " <soap:Body soap:mustUnderstand=\"badval\" soap:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">", 82 " <q1:getInput xmlns:q1=\"http://DefaultNamespace\">", 83 " <id xsi:type=\"xsd:string\">12123</id>", 84 " </q1:getInput>", 85 " </soap:Body>", 86 " </soap:Envelope>" 87 ] 88 }, 89 "server":{ 90 "ip":"200.249.12.31", 91 "port":80 92 }, 93 "rules":[ 94 "SecRuleEngine On", 95 "SecRequestBodyAccess On", 96 "SecXMLExternalEntity On", 97 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 98 "SecRule XML \"@validateSchema test-cases/data/SoapEnvelope.xsd\" \"id:500007,phase:3,deny\"" 99 ] 100 }, 101 { 102 "enabled":1, 103 "version_min":300000, 104 "title":"Testing XML request body parser (validate failed)", 105 "expected":{ 106 "debug_log": "This element is not expected. Expected is one of", 107 "http_code": 403 108 }, 109 "client":{ 110 "ip":"200.249.12.31", 111 "port":123 112 }, 113 "request":{ 114 "headers":{ 115 "Host":"localhost", 116 "User-Agent":"curl/7.38.0", 117 "Accept":"*/*", 118 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 119 "Content-Type": "text/xml" 120 }, 121 "uri":"/?key=value&key=other_value", 122 "method":"POST", 123 "body": [ 124 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 125 " <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"", 126 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\"", 127 " xmlns:tns=\"http://www.bluebank.example.com/axis/getBalance.jws\"", 128 " xmlns:types=\"http://www.bluebank.example.com/axis/getBalance.jws/encodedTypes\"", 129 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"", 130 " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">", 131 " <soap:xBody soap:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">", 132 " <q1:getInput xmlns:q1=\"http://DefaultNamespace\">", 133 " <id xsi:type=\"xsd:string\">12123</id>", 134 " </q1:getInput>", 135 " </soap:xBody>", 136 " </soap:Envelope>" 137 ] 138 }, 139 "server":{ 140 "ip":"200.249.12.31", 141 "port":80 142 }, 143 "rules":[ 144 "SecRuleEngine On", 145 "SecRequestBodyAccess On", 146 "SecXMLExternalEntity On", 147 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 148 "SecRule XML \"@validateSchema test-cases/data/SoapEnvelope.xsd\" \"id:500007,phase:3,deny\"" 149 ] 150 }, 151 { 152 "enabled":1, 153 "version_min":300000, 154 "title":"Testing XML request body parser (bad XML)", 155 "expected":{ 156 "debug_log": "XML Error: Element '{http://schemas.xmlsoap.org/soap/envelope/}xBody'", 157 "http_code": 403 158 }, 159 "client":{ 160 "ip":"200.249.12.31", 161 "port":123 162 }, 163 "request":{ 164 "headers":{ 165 "Host":"localhost", 166 "User-Agent":"curl/7.38.0", 167 "Accept":"*/*", 168 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 169 "Content-Type": "text/xml" 170 }, 171 "uri":"/?key=value&key=other_value", 172 "method":"POST", 173 "body": [ 174 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 175 " <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"", 176 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\"", 177 " xmlns:tns=\"http://www.bluebank.example.com/axis/getBalance.jws\"", 178 " xmlns:types=\"http://www.bluebank.example.com/axis/getBalance.jws/encodedTypes\"", 179 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"", 180 " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">", 181 " <soap:xBody soap:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">", 182 " <q1:getInput xmlns:q1=\"http://DefaultNamespace\">", 183 " <id xsi:type=\"xsd:string\">12123</id>", 184 " </q1:getInput>", 185 " </soap:xBody>", 186 " </soap:Envelope>" 187 ] 188 }, 189 "server":{ 190 "ip":"200.249.12.31", 191 "port":80 192 }, 193 "rules":[ 194 "SecRuleEngine On", 195 "SecRequestBodyAccess On", 196 "SecXMLExternalEntity On", 197 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 198 "SecRule XML \"@validateSchema test-cases/data/SoapEnvelope.xsd\" \"id:500007,phase:3,deny\"" 199 ] 200 }, 201 { 202 "enabled":1, 203 "version_min":300000, 204 "title":"Testing XML request body parser (bad schema)", 205 "expected":{ 206 "debug_log": "XML: Failed to load Schema: test-cases/data/SoapEnvelope-bad.xsd. XML Error: Failed to parse the XML resource 'test-cases/data/SoapEnvelope-bad.xsd", 207 "http_code": 403 208 }, 209 "client":{ 210 "ip":"200.249.12.31", 211 "port":123 212 }, 213 "request":{ 214 "headers":{ 215 "Host":"localhost", 216 "User-Agent":"curl/7.38.0", 217 "Accept":"*/*", 218 "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", 219 "Content-Type": "text/xml" 220 }, 221 "uri":"/?key=value&key=other_value", 222 "method":"POST", 223 "body": [ 224 "<?xml version=\"1.0\" encoding=\"utf-8\"?>", 225 " <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"", 226 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\"", 227 " xmlns:tns=\"http://www.bluebank.example.com/axis/getBalance.jws\"", 228 " xmlns:types=\"http://www.bluebank.example.com/axis/getBalance.jws/encodedTypes\"", 229 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"", 230 " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">", 231 " <soap:Body soap:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">", 232 " <q1:getInput xmlns:q1=\"http://DefaultNamespace\">", 233 " <id xsi:type=\"xsd:string\">12123</id>", 234 " </q1:getInput>", 235 " </soap:Body>", 236 "</soap:Envelope>" 237 ] 238 }, 239 "server":{ 240 "ip":"200.249.12.31", 241 "port":80 242 }, 243 "rules":[ 244 "SecRuleEngine On", 245 "SecRequestBodyAccess On", 246 "SecXMLExternalEntity On", 247 "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500008,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", 248 "SecRule XML \"@validateSchema test-cases/data/SoapEnvelope-bad.xsd\" \"id:500007,phase:3,deny\"" 249 ] 250 } 251] 252 253