#vi:filetype=perl

# TO ADD:
# TEST CASE WITH A RULE ON A GENERIC HEADER
# The same on arguments :)

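use strict;
use warnings;

use lib 'lib';
use Test::Nginx::Socket;

# Each block under __DATA__ carries a single check (error_code) and is run
# twice, so the plan is 2 * number of blocks.
plan tests => repeat_each(2) * blocks();

# Every block declares its own "location /", so the default root location
# that Test::Nginx would otherwise generate is turned off.
no_root_location();

# Report mismatches without the long-string diff format.
no_long_string();

# Exported so that $TEST_NGINX_SERVROOT in the "root" directives of the
# blocks resolves to the server root used for this run.
$ENV{TEST_NGINX_SERVROOT} = server_root();

# NOTE(review): the blocks load ngx_http_naxsi_module.so and naxsi_core.rules
# from a fixed path under /tmp. nginx loads whatever shared object sits there,
# so on a shared machine /tmp/naxsi_ut should be created by, and writable only
# by, the account that runs the tests.
run_tests();

__DATA__
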
=== WL TEST 1.0
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_core_placeholder_do_not_use;
=== WL TEST 1.01
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Negative rule on GET argument "b": the value "foobar" contains the expected
# string, so rule 1999 does not score and the request is served (200).
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /?b=foobar
--- error_code: 200

=== WL TEST 1.03
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# The match zone now also names a URL ("/"). The request goes to /a with
# b=foobar, which contains the expected string, so rule 1999 does not score.
# The request is not blocked; 404 is presumably returned because nothing
# named "a" exists under the test document root.
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404

=== WL TEST 1.04
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Match zone restricted to URL "/a" and GET argument "b". "foobrar" (note the
# inserted "r") does not contain "foobar", so the negative rule adds 42 to
# $SQL and the request is blocked through DeniedUrl (412).
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobrar
--- error_code: 412

=== WL TEST 2.0
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Regex form of the negative rule: "foobrar" does not match rx:foobar, so
# rule 1999 adds 42 to $SQL and the request is blocked (412).
MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobrar
--- error_code: 412

=== WL TEST 2.01
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Regex form of the negative rule: "foobar" matches rx:foobar, so nothing is
# scored and the request passes through (404, presumably because /a does not
# exist under the test document root).
# NOTE(review): the pattern is unanchored, so a value that merely contains
# "foobar" would also satisfy it; anchor the regex when the rule is meant to
# constrain the whole value.
MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404

=== WL TEST 2.02
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# The request targets "/" rather than the "/a" named in the match zone, and
# "foobar" satisfies rx:^foobar in any case, so rule 1999 does not score and
# the request is served (200).
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /?b=foobar
--- error_code: 200

=== WL TEST 2.03
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Leading anchor: "rfoobar" contains "foobar" but does not start with it, so
# rx:^foobar fails, the negative rule adds 42 to $SQL and the request is
# blocked (412).
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=rfoobar
--- error_code: 412

=== WL TEST 2.04
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Leading anchor, matching value: "foobar" satisfies rx:^foobar, nothing is
# scored and the request passes through (404, presumably because /a does not
# exist under the test document root).
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404

=== WL TEST 2.05
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Fully anchored pattern, exact value: "foobar" satisfies rx:^foobar$, so the
# negative rule does not score and the request passes through (404,
# presumably because /a does not exist under the test document root).
MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404

=== WL TEST 2.06
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Trailing anchor: "foobara" starts with "foobar" but carries one extra
# character, so rx:^foobar$ fails, the negative rule adds 42 to $SQL and the
# request is blocked (412).
MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobara
--- error_code: 412

=== WL TEST 2.07
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Digits-only allow-list for GET argument "b" on /a: "foobara" does not match
# rx:^[0-9]+$, so the negative rule adds 42 to $SQL and the request is
# blocked (412).
# NOTE(review): the msg text still reads "foobar test pattern" although the
# pattern here is numeric.
MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobara
--- error_code: 412

=== WL TEST 2.08
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
# Digits-only allow-list for GET argument "b" on /a: "1234" satisfies
# rx:^[0-9]+$, so the negative rule does not score and the request passes
# through (404, presumably because /a does not exist under the test document
# root).
MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=1234
--- error_code: 404