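#vi:filetype=perl

# Functional tests for naxsi rules carrying the "negative" flag.
#
# Every block loads the naxsi module and naxsi_core.rules, then declares
# MainRule id:1999 with the "negative" flag and the score "s:$SQL:42".
# As the expectations below show, a negative rule scores when its pattern
# is NOT found in the targeted match zone (mz). The location blocks at
# "$SQL >= 8", so a value that fails the pattern is redirected to
# DeniedUrl (/RequestDenied), which answers 412.
#
# Expected status codes:
#   412      the value does not satisfy the pattern: the rule fires and the
#            request is blocked.
#   200/404  rule 1999 does not block and nginx serves the request as usual;
#            404 is expected on /a, presumably because no such file exists
#            under the test html root.
#
# Blocks 1.x use a literal match (str:), blocks 2.x a regular expression
# (rx:). Blocks 2.02 to 2.08 pin the handling of the ^ and $ anchors:
# "rfoobar" and "foobara" must be blocked, "foobar" and "1234" must pass.
#
# NOTE(review): blocks 1.03 and 2.02 request a URL that differs from the
# rule's $URL restriction, but they send b=foobar, which satisfies the
# pattern anyway. They therefore pass whether or not the $URL restriction is
# honoured. A request with a non-matching value on a non-matching URL would
# be needed to pin the scoping of the rule.
#
# TODO:
# - add a test case with a rule on a generic header
# - the same on arguments :)

use strict;
use warnings;

use lib 'lib';
use Test::Nginx::Socket;

# One assertion (error_code) per block, each block being run twice.
plan tests => repeat_each(2) * blocks();
no_root_location();
no_long_string();
# Exposed to the nginx configs below as $TEST_NGINX_SERVROOT.
$ENV{TEST_NGINX_SERVROOT} = server_root();
run_tests();

__DATA__

=== WL TEST 1.0
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /?b=toto
--- error_code: 412

=== WL TEST 1.01
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /?b=foobar
--- error_code: 200

=== WL TEST 1.03
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404

=== WL TEST 1.04
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "str:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobrar
--- error_code: 412



=== WL TEST 2.0
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobrar
--- error_code: 412



=== WL TEST 2.01
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404


=== WL TEST 2.02
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /?b=foobar
--- error_code: 200

=== WL TEST 2.03
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=rfoobar
--- error_code: 412





=== WL TEST 2.04
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^foobar" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404






=== WL TEST 2.05
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobar
--- error_code: 404





=== WL TEST 2.06
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^foobar$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobara
--- error_code: 412





=== WL TEST 2.07
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=foobara
--- error_code: 412



=== WL TEST 2.08
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
MainRule negative "rx:^[0-9]+$" "msg:foobar test pattern" "mz:$URL:/a|$ARGS_VAR:b" "s:$SQL:42" id:1999;
--- config
location / {
    #LearningMode;
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
    return 412;
}
--- request
GET /a?b=1234
--- error_code: 404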