Skip to content

Test: target RESPONSE_BODY - 069 #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 1, 2025
Merged

Test: target RESPONSE_BODY - 069 #31

merged 1 commit into from
Jun 1, 2025

Conversation

Sebitosh
Copy link
Contributor

@Sebitosh Sebitosh commented May 6, 2025
edited
Loading

Description

#27

Target test on RESPONSE_BODY. The test uses albedo's /reflect endpoint to reflect responses. The test generates rules for phases 4 & 5, checking if 4 responses of different content-types contain a string. The 4 content-types tested are the ones present in SecResponseBodyMimeType and are text/plain, text/html, text/xml, and application/json.

Went for this test to demonstrate the framework's capability of using reflected responses and because this target is used 55 times in CRS 4.8.0 according to https://crsdoc.digitalwave.hu/?v=v4.8.0

Assessment on V2

All tests pass on V2

Assessment on V3 (using the not yet merged #24 infra)

All tests pass on V3

@Sebitosh Sebitosh force-pushed the test-target-response-body branch from a4d68db to 49ae971 Compare June 1, 2025 20:21
@Sebitosh
Copy link
Contributor Author

Sebitosh commented Jun 1, 2025

rebased & regenerated

@airween airween merged commit 13aa912 into owasp-modsecurity:main Jun 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Sebitosh @airween