Ervin Hegedus airween

## issue-3053.json
[
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing CtlRuleRemoteById (1) - issue 3053",
    "expected":{
      "debug_log": "Rule id: 2 was skipped due to a ruleRemoveById action...",
      "http_code": 403
    },
    "client":{

## crs-capec-collect.py
#!/usr/bin/python3

import argparse
import sys
import msc_pyparser
import json

# use:
# ./crs-data-collector.py -r ~/src/coreruleset/rules/*.conf | jq . | less

## gethistory.py
#!/usr/bin/python3

import requests
import json

def send_request(req):
    return requests.post(req['url'], data = req['data'])

URL = {
    'scheme':    "https",

## hamultis
ZA
GY
VA
KO
VE
SO
TO
BA
FE
BP

## errorlog1.json
[
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing error log output :: example 1",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{

## check_variable.py
#!/usr/bin/python3

import yaml
import sys
from msc_pyparser import MSCUtils as u
import os

class Check(object):
    def __init__(self, src, data):
        self.source = src

## rmwsp.cc
/*
clang++ -Wall rmwsp.cc
g++ -Wall rmwsp.cc
*/

#include <string>
#include <iostream>

#define NBSP 160

## variable-REQUEST_BODY-xml.json
[
  {
    "enabled":1,
    "version_min":300000,
    "title":"Testing Variables :: REQUEST_BODY with XML",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{

## issue-2157.json
[
  {
    "enabled":1,
    "version_min":300000,
    "title":"issue 2157",
    "client":{
      "ip":"200.249.12.31",
      "port":123
    },
    "server":{

## rule-941330-2.conf

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:[\"\'][ ]*(([^a-z0-9~_:\' ])|(in)).*?(((l|(\\u006C))(o|(\\u006F))(c|(\\u0063))(a|(\\u0061))(t|(\\u0074))(i|(\\u0069))(o|(\\u006F))(n|(\\u006E)))|((n|(\\u006E))(a|(\\u0061))(m|(\\u006D))(e|(\\u0065)))|((o|(\\u006F))(n|(\\u006E))(e|(\\u0065))(r|(\\u0072))(r|(\\u0072))(o|(\\u006F))(r|(\\u0072)))|((v|(\\u0076))(a|(\\u0061))(l|(\\u006C))(u|(\\u0075))(e|(\\u0065))(O|(\\u004F))(f|(\\u0066)))).*?=)" \
    "id:941330,\
    phase:2,\
    block,\
    capture,\
    t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,\
    msg:'IE XSS Filters - Attack Detected.',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    tag:'application-multi',\
	[
	{
	"enabled":1,
	"version_min":300000,
	"title":"Testing CtlRuleRemoteById (1) - issue 3053",
	"expected":{
	"debug_log": "Rule id: 2 was skipped due to a ruleRemoveById action...",
	"http_code": 403
	},
	"client":{
	#!/usr/bin/python3

	import argparse
	import sys
	import msc_pyparser
	import json

	# use:
	# ./crs-data-collector.py -r ~/src/coreruleset/rules/*.conf \| jq . \| less
	#!/usr/bin/python3

	import requests
	import json

	def send_request(req):
	return requests.post(req['url'], data = req['data'])

	URL = {
	'scheme': "https",
	[
	{
	"enabled":1,
	"version_min":300000,
	"title":"Testing error log output :: example 1",
	"client":{
	"ip":"200.249.12.31",
	"port":123
	},
	"server":{
	#!/usr/bin/python3

	import yaml
	import sys
	from msc_pyparser import MSCUtils as u
	import os

	class Check(object):
	def __init__(self, src, data):
	self.source = src
	/*
	clang++ -Wall rmwsp.cc
	g++ -Wall rmwsp.cc
	*/

	#include <string>
	#include <iostream>

	#define NBSP 160
	[
	{
	"enabled":1,
	"version_min":300000,
	"title":"Testing Variables :: REQUEST_BODY with XML",
	"client":{
	"ip":"200.249.12.31",
	"port":123
	},
	"server":{
	[
	{
	"enabled":1,
	"version_min":300000,
	"title":"issue 2157",
	"client":{
	"ip":"200.249.12.31",
	"port":123
	},
	"server":{

	SecRule REQUEST_COOKIES\|!REQUEST_COOKIES:/__utm/\|!REQUEST_COOKIES:/_pk_ref/\|REQUEST_COOKIES_NAMES\|ARGS_NAMES\|ARGS\|XML:/* "@rx (?i:[\"\'][ ](([^a-z0-9~_:\' ])\|(in)).?(((l\|(\\u006C))(o\|(\\u006F))(c\|(\\u0063))(a\|(\\u0061))(t\|(\\u0074))(i\|(\\u0069))(o\|(\\u006F))(n\|(\\u006E)))\|((n\|(\\u006E))(a\|(\\u0061))(m\|(\\u006D))(e\|(\\u0065)))\|((o\|(\\u006F))(n\|(\\u006E))(e\|(\\u0065))(r\|(\\u0072))(r\|(\\u0072))(o\|(\\u006F))(r\|(\\u0072)))\|((v\|(\\u0076))(a\|(\\u0061))(l\|(\\u006C))(u\|(\\u0075))(e\|(\\u0065))(O\|(\\u004F))(f\|(\\u0066)))).*?=)" \
	"id:941330,\
	phase:2,\
	block,\
	capture,\
	t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,\
	msg:'IE XSS Filters - Attack Detected.',\
	logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
	tag:'application-multi',\