Skip to content

Commit b3ffee1

Browse files
SebitoshSebitosh
committed
Test target REQUEST_COOKIES_NAMES
Signed-off-by: Sebitosh <[email protected]>
1 parent a67f6c8 commit b3ffee1

22 files changed

+1667
-15
lines changed

config_tests/CONF_060_TARGET_REQUEST_COOKIES_NAMES.yaml

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
target: REQUEST_COOKIES_NAMES
2+
rulefile: MRTS_060_REQUEST_COOKIES_NAMES.conf
3+
testfile: MRTS_060_REQUEST_COOKIES_NAMES.yaml
4+
templates:
5+
- SecRule for TARGETS
6+
colkey:
7+
- - ''
8+
- - attack1
9+
- - attack1
10+
- attack2
11+
- - /^attack_.*$/
12+
operator:
13+
- '@contains'
14+
oparg:
15+
- attack
16+
phase:
17+
- 1
18+
- 2
19+
- 3
20+
- 4
21+
testdata:
22+
phase_methods:
23+
1: get
24+
2: post
25+
3: post
26+
4: post
27+
targets:
28+
- target: ''
29+
test:
30+
data: null
31+
input:
32+
headers:
33+
- name: Cookie
34+
value: attack=test
35+
- target: attack1
36+
test:
37+
data: null
38+
input:
39+
headers:
40+
- name: Cookie
41+
value: attack1=test
42+
- target: attack1
43+
test:
44+
data: null
45+
input:
46+
headers:
47+
- name: Cookie
48+
value: attack1=test;hello=test
49+
- target: attack2
50+
test:
51+
data: null
52+
input:
53+
headers:
54+
- name: Cookie
55+
value: attack2=test
56+
- target: attack2
57+
test:
58+
data: null
59+
input:
60+
headers:
61+
- name: Cookie
62+
value: hello=test;attack2=test
63+
- target: /^attack_.*$/
64+
test:
65+
data: null
66+
input:
67+
headers:
68+
- name: Cookie
69+
value: attack_foo=test
70+
- target: /^attack_.*$/
71+
test:
72+
data: null
73+
input:
74+
headers:
75+
- name: Cookie
76+
value: hello=test;attack_foo=text;world=test

generated/rules/MRTS_060_REQUEST_COOKIES_NAMES.conf

Lines changed: 144 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,144 @@
1+
SecRule REQUEST_COOKIES_NAMES "@contains attack" \
2+
"id:100132,\
3+
phase:1,\
4+
deny,\
5+
t:none,\
6+
log,\
7+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
8+
ver:'MRTS/0.1'"
9+
10+
SecRule REQUEST_COOKIES_NAMES "@contains attack" \
11+
"id:100133,\
12+
phase:2,\
13+
deny,\
14+
t:none,\
15+
log,\
16+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
17+
ver:'MRTS/0.1'"
18+
19+
SecRule REQUEST_COOKIES_NAMES "@contains attack" \
20+
"id:100134,\
21+
phase:3,\
22+
deny,\
23+
t:none,\
24+
log,\
25+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
26+
ver:'MRTS/0.1'"
27+
28+
SecRule REQUEST_COOKIES_NAMES "@contains attack" \
29+
"id:100135,\
30+
phase:4,\
31+
deny,\
32+
t:none,\
33+
log,\
34+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
35+
ver:'MRTS/0.1'"
36+
37+
SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
38+
"id:100136,\
39+
phase:1,\
40+
deny,\
41+
t:none,\
42+
log,\
43+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
44+
ver:'MRTS/0.1'"
45+
46+
SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
47+
"id:100137,\
48+
phase:2,\
49+
deny,\
50+
t:none,\
51+
log,\
52+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
53+
ver:'MRTS/0.1'"
54+
55+
SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
56+
"id:100138,\
57+
phase:3,\
58+
deny,\
59+
t:none,\
60+
log,\
61+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
62+
ver:'MRTS/0.1'"
63+
64+
SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
65+
"id:100139,\
66+
phase:4,\
67+
deny,\
68+
t:none,\
69+
log,\
70+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
71+
ver:'MRTS/0.1'"
72+
73+
SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
74+
"id:100140,\
75+
phase:1,\
76+
deny,\
77+
t:none,\
78+
log,\
79+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
80+
ver:'MRTS/0.1'"
81+
82+
SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
83+
"id:100141,\
84+
phase:2,\
85+
deny,\
86+
t:none,\
87+
log,\
88+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
89+
ver:'MRTS/0.1'"
90+
91+
SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
92+
"id:100142,\
93+
phase:3,\
94+
deny,\
95+
t:none,\
96+
log,\
97+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
98+
ver:'MRTS/0.1'"
99+
100+
SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
101+
"id:100143,\
102+
phase:4,\
103+
deny,\
104+
t:none,\
105+
log,\
106+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
107+
ver:'MRTS/0.1'"
108+
109+
SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
110+
"id:100144,\
111+
phase:1,\
112+
deny,\
113+
t:none,\
114+
log,\
115+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
116+
ver:'MRTS/0.1'"
117+
118+
SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
119+
"id:100145,\
120+
phase:2,\
121+
deny,\
122+
t:none,\
123+
log,\
124+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
125+
ver:'MRTS/0.1'"
126+
127+
SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
128+
"id:100146,\
129+
phase:3,\
130+
deny,\
131+
t:none,\
132+
log,\
133+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
134+
ver:'MRTS/0.1'"
135+
136+
SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
137+
"id:100147,\
138+
phase:4,\
139+
deny,\
140+
t:none,\
141+
log,\
142+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
143+
ver:'MRTS/0.1'"
144+

generated/rules/MRTS_110_XML.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
SecRule XML:/* "@beginsWith foo" \
2-
"id:100132,\
2+
"id:100148,\
33
phase:2,\
44
deny,\
55
t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
88
ver:'MRTS/0.1'"
99

1010
SecRule XML:/* "@beginsWith foo" \
11-
"id:100133,\
11+
"id:100149,\
1212
phase:3,\
1313
deny,\
1414
t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
1717
ver:'MRTS/0.1'"
1818

1919
SecRule XML:/* "@beginsWith foo" \
20-
"id:100134,\
20+
"id:100150,\
2121
phase:4,\
2222
deny,\
2323
t:none,\

0 commit comments

Comments
 (0)