diff --git a/config_tests/CONF_000_GLOBAL.yaml b/config_tests/CONF_000_GLOBAL.yaml
index 7b57329..03ab3c7 100644
--- a/config_tests/CONF_000_GLOBAL.yaml
+++ b/config_tests/CONF_000_GLOBAL.yaml
@@ -13,6 +13,15 @@ global:
log,\
msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
ver:'${VERSION}$'"
+ - name: "Non-disruptive SecRule for TARGETS"
+ template: |
+ SecRule ${TARGET}$ "${OPERATOR}$ ${OPARG}$" \
+ "id:${CURRID}$,\
+ phase:${PHASE}$,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\
+ ver:'${VERSION}$'"
default_tests_phase_methods:
- 1: get
- 2: post
diff --git a/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml b/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml
new file mode 100644
index 0000000..2ae6a07
--- /dev/null
+++ b/config_tests/CONF_069_TARGET_RESPONSE_BODY.yaml
@@ -0,0 +1,51 @@
+target: RESPONSE_BODY
+rulefile: MRTS_069_RESPONSE_BODY.conf
+testfile: MRTS_069_RESPONSE_BODY.yaml
+templates:
+ - Non-disruptive SecRule for TARGETS
+colkey:
+ - - ''
+operator:
+ - '@contains'
+oparg:
+ - attack
+phase:
+ - 4
+ - 5
+testdata:
+ phase_methods:
+ 4: post
+ 5: post
+ targets:
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
+ - target: ''
+ test:
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body": "{test:attack}"}'
+ input:
+ headers:
+ - name: Content-Type
+ value: application/json
+ uri: '/reflect'
diff --git a/generated/rules/MRTS_069_RESPONSE_BODY.conf b/generated/rules/MRTS_069_RESPONSE_BODY.conf
new file mode 100644
index 0000000..8eb8763
--- /dev/null
+++ b/generated/rules/MRTS_069_RESPONSE_BODY.conf
@@ -0,0 +1,16 @@
+SecRule RESPONSE_BODY "@contains attack" \
+ "id:100152,\
+ phase:4,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+ ver:'MRTS/0.1'"
+
+SecRule RESPONSE_BODY "@contains attack" \
+ "id:100153,\
+ phase:5,\
+ t:none,\
+ log,\
+ msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\
+ ver:'MRTS/0.1'"
+
diff --git a/generated/rules/MRTS_110_XML.conf b/generated/rules/MRTS_110_XML.conf
index e06683d..19adad0 100644
--- a/generated/rules/MRTS_110_XML.conf
+++ b/generated/rules/MRTS_110_XML.conf
@@ -1,5 +1,5 @@
SecRule XML:/* "@beginsWith foo" \
- "id:100152,\
+ "id:100154,\
phase:2,\
deny,\
t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
ver:'MRTS/0.1'"
SecRule XML:/* "@beginsWith foo" \
- "id:100153,\
+ "id:100155,\
phase:3,\
deny,\
t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
ver:'MRTS/0.1'"
SecRule XML:/* "@beginsWith foo" \
- "id:100154,\
+ "id:100156,\
phase:4,\
deny,\
t:none,\
diff --git a/generated/tests/regression/tests/100152_MRTS_069_RESPONSE_BODY.yaml b/generated/tests/regression/tests/100152_MRTS_069_RESPONSE_BODY.yaml
new file mode 100644
index 0000000..6b9c50d
--- /dev/null
+++ b/generated/tests/regression/tests/100152_MRTS_069_RESPONSE_BODY.yaml
@@ -0,0 +1,100 @@
+---
+meta:
+ author: MRTS generate-rules.py
+ enabled: true
+ name: MRTS_069_RESPONSE_BODY.yaml
+ description: Desc
+tests:
+- test_title: 100152-1
+ ruleid: 100152
+ test_id: 1
+ desc: 'Test case for rule 100152, #1'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100152
+- test_title: 100152-2
+ ruleid: 100152
+ test_id: 2
+ desc: 'Test case for rule 100152, #2'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100152
+- test_title: 100152-3
+ ruleid: 100152
+ test_id: 3
+ desc: 'Test case for rule 100152, #3'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ output:
+ log:
+ expect_ids:
+ - 100152
+- test_title: 100152-4
+ ruleid: 100152
+ test_id: 4
+ desc: 'Test case for rule 100152, #4'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+ "{test:attack}"}'
+ output:
+ log:
+ expect_ids:
+ - 100152
diff --git a/generated/tests/regression/tests/100153_MRTS_069_RESPONSE_BODY.yaml b/generated/tests/regression/tests/100153_MRTS_069_RESPONSE_BODY.yaml
new file mode 100644
index 0000000..a17a700
--- /dev/null
+++ b/generated/tests/regression/tests/100153_MRTS_069_RESPONSE_BODY.yaml
@@ -0,0 +1,100 @@
+---
+meta:
+ author: MRTS generate-rules.py
+ enabled: true
+ name: MRTS_069_RESPONSE_BODY.yaml
+ description: Desc
+tests:
+- test_title: 100153-1
+ ruleid: 100153
+ test_id: 1
+ desc: 'Test case for rule 100153, #1'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/plain"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100153
+- test_title: 100153-2
+ ruleid: 100153
+ test_id: 2
+ desc: 'Test case for rule 100153, #2'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/html"}, "body": "attack"}'
+ output:
+ log:
+ expect_ids:
+ - 100153
+- test_title: 100153-3
+ ruleid: 100153
+ test_id: 3
+ desc: 'Test case for rule 100153, #3'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"text/xml"}, "body": "attackfoo"}'
+ output:
+ log:
+ expect_ids:
+ - 100153
+- test_title: 100153-4
+ ruleid: 100153
+ test_id: 4
+ desc: 'Test case for rule 100153, #4'
+ stages:
+ - description: Send request
+ input:
+ dest_addr: 127.0.0.1
+ port: 80
+ protocol: http
+ method: POST
+ headers:
+ User-Agent: OWASP MRTS test agent
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Content-Type: application/json
+ uri: /reflect
+ version: HTTP/1.1
+ data: '{"status": 200, "headers": {"Content-Type":"application/json"}, "body":
+ "{test:attack}"}'
+ output:
+ log:
+ expect_ids:
+ - 100153
diff --git a/generated/tests/regression/tests/100152_MRTS_110_XML.yaml b/generated/tests/regression/tests/100155_MRTS_110_XML.yaml
similarity index 86%
rename from generated/tests/regression/tests/100152_MRTS_110_XML.yaml
rename to generated/tests/regression/tests/100155_MRTS_110_XML.yaml
index 65234bc..1707477 100644
--- a/generated/tests/regression/tests/100152_MRTS_110_XML.yaml
+++ b/generated/tests/regression/tests/100155_MRTS_110_XML.yaml
@@ -5,10 +5,10 @@ meta:
name: MRTS_110_XML.yaml
description: Desc
tests:
-- test_title: 100152-1
- ruleid: 100152
+- test_title: 100155-1
+ ruleid: 100155
test_id: 1
- desc: 'Test case for rule 100152, #1'
+ desc: 'Test case for rule 100155, #1'
stages:
- description: Send request
input:
@@ -27,4 +27,4 @@ tests:
output:
log:
expect_ids:
- - 100152
+ - 100155
diff --git a/generated/tests/regression/tests/100153_MRTS_110_XML.yaml b/generated/tests/regression/tests/100156_MRTS_110_XML.yaml
similarity index 86%
rename from generated/tests/regression/tests/100153_MRTS_110_XML.yaml
rename to generated/tests/regression/tests/100156_MRTS_110_XML.yaml
index f2255be..261117d 100644
--- a/generated/tests/regression/tests/100153_MRTS_110_XML.yaml
+++ b/generated/tests/regression/tests/100156_MRTS_110_XML.yaml
@@ -5,10 +5,10 @@ meta:
name: MRTS_110_XML.yaml
description: Desc
tests:
-- test_title: 100153-1
- ruleid: 100153
+- test_title: 100156-1
+ ruleid: 100156
test_id: 1
- desc: 'Test case for rule 100153, #1'
+ desc: 'Test case for rule 100156, #1'
stages:
- description: Send request
input:
@@ -27,4 +27,4 @@ tests:
output:
log:
expect_ids:
- - 100153
+ - 100156