
@fzipi
Last active March 17, 2021 23:45
Patch for the coreruleset tests so they can be used with go-ftw
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 2020-07-09 08:24:15.700645956 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 2021-03-17 20:41:25.140883675 -0300
@@ -41,7 +41,7 @@
uri: "/"
version: "HTTP/1.1"
output:
- status: 400
+ status: [400]
-
# Perfectly valid OPTIONS request
test_title: 920100-3
@@ -95,7 +95,7 @@
uri: "www.cnn.com"
version: "HTTP/1.1"
output:
- status: 400
+ status: [400]
-
# This is an acceptable CONNECT request for SSL tunneling
test_title: 920100-6
@@ -226,7 +226,7 @@
uri: /
version: HTTP/1.1
output:
- status: 400
+ status: [400]
-
test_title: 920100-13
desc: Invalid HTTP Request Line (920100) - Test 2 from old modsec regressions
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 2020-05-14 13:42:58.815442593 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 2021-03-17 20:41:25.142883688 -0300
@@ -22,13 +22,13 @@
Connection: "close"
Referer: "http://localhost/"
Content-Type: "multipart/form-data; boundary=--------397236876"
- data:
- - "----------397236876"
- - "Content-Disposition: form-data; name=\"fileRap\"; filename=\"file=.txt\""
- - "Content-Type: text/plain"
- - ""
- - "555-555-0199@example.com"
- - "----------397236876--"
+ data: |
+ ----------397236876
+ Content-Disposition: form-data; name="fileRap"; filename="file=.txt"
+ Content-Type: text/plain
+
+ 555-555-0199@example.com
+ ----------397236876--
protocol: "http"
output:
log_contains: "id \"920120\""
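Review bot: The new `data: |` body starting at `----------397236876` is a literal block scalar, so its lines are separated by bare LF and it ends with an extra newline after the closing boundary. Multipart/form-data bodies are CRLF-delimited, and the old list form was presumably joined with CRLF by the previous runner (not visible here, confirm). Unless go-ftw normalises line endings, the WAF's multipart parser now sees a different byte stream, so `log_contains: "id \"920120\""` may pass or fail for reasons unrelated to the `filename="file=.txt"` case under test. Consider spelling the line endings out in a double-quoted scalar that starts `data: "----------397236876\r\nContent-Disposition: form-data; name=\"fileRap\"; filename=\"file=.txt\"\r\n` and continues the same way through the closing boundary. The same applies to the other multipart conversions in this patch: the two later 920120.yaml hunks, 920400.yaml, and the three 920420.yaml hunks.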
@@ -55,18 +55,18 @@
port: 80
uri: /cgi-bin/fup.cgi
version: HTTP/1.1
- data:
- - '-----------------------------627652292512397580456702590'
- - 'Content-Disposition: form-data; name="fi=le"; filename="test"'
- - 'Content-Type: text/plain'
- - ''
- - 'email: security@modsecurity.org'
- - ''
- - '-----------------------------627652292512397580456702590'
- - 'Content-Disposition: form-data; name="note"'
- - ''
- - Contact info.
- - '-----------------------------627652292512397580456702590--'
+ data: |
+ -----------------------------627652292512397580456702590
+ Content-Disposition: form-data; name="fi=le"; filename="test"
+ Content-Type: text/plain
+
+ email: security@modsecurity.org
+
+ -----------------------------627652292512397580456702590
+ Content-Disposition: form-data; name="note"
+
+ Contact info.
+ -----------------------------627652292512397580456702590--
output:
log_contains: id "920120"
-
@@ -91,21 +91,21 @@
port: 80
uri: /
version: HTTP/1.1
- data:
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="fi;le"; filename="test"'
- - 'Content-Type: application/octet-stream'
- - ''
- - Rotem & Ayala
- - ''
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="name"'
- - ''
- - tt2
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="B1"'
- - ''
- - Submit
- - '-----------------------------265001916915724--'
+ data: |
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="fi;le"; filename="test"
+ Content-Type: application/octet-stream
+
+ Rotem & Ayala
+
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="name"
+
+ tt2
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="B1"
+
+ Submit
+ -----------------------------265001916915724--
output:
log_contains: id "920120"
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 2021-03-02 14:29:44.806797077 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 2021-03-17 20:43:09.668523337 -0300
@@ -22,7 +22,7 @@
protocol: "http"
uri: "/"
output:
- status: 400
+ status: [400]
-
# Non digit content-length with content-type
test_title: 920160-2
@@ -41,7 +41,7 @@
protocol: "http"
uri: "/"
output:
- status: 400
+ status: [400]
-
# Mixed digit and non digit content length
test_title: 920160-3
@@ -60,7 +60,7 @@
protocol: "http"
uri: "/"
output:
- status: 400
+ status: [400]
-
# Test is based in httpbin.org, so backend returns 405 if you are not posting to /post
# Apache auto corrects for this error now so the log should not contain anything
@@ -87,7 +87,7 @@
version: HTTP/1.0
data: abc
output:
- status: 200
+ status: [200]
no_log_contains: id "920160"
-
test_title: 920160-5
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: 920160.yaml.orig
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: 920160.yaml.rej
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: .920160.yaml.rej.swp
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml 2020-05-15 13:56:08.145460169 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml 2021-03-17 20:41:25.144883700 -0300
@@ -22,12 +22,12 @@
Content-Type: "application/x-www-form-urlencoded"
Transfer-Encoding: "chunked"
User-Agent: "ModSecurity CRS 3 Tests"
- data:
- - "7"
- - "foo=bar"
- - "0"
- - ""
- - ""
+ data: |
+ 7
+ foo=bar
+ 0
+
+
stop_magic: true
output:
# Apache unsets the Content-Length header if
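Review bot: The chunked body in the new `data: |` loses its terminator: a `|` scalar uses clip chomping, so the two blank lines after `0` collapse to a single newline and the value becomes `7\nfoo=bar\n0\n`, with LF instead of the CRLF that chunked framing requires. Because this test sets `stop_magic: true`, the runner presumably sends the bytes as written (confirm), so the request no longer ends with the zero-length chunk followed by an empty line. Write the exact bytes instead: `data: "7\r\nfoo=bar\r\n0\r\n\r\n"`. The `output:` block continues past the end of this hunk.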
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 2020-05-14 13:42:58.816442601 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 2021-03-17 20:41:25.145883706 -0300
@@ -77,15 +77,15 @@
Keep-Alive: "300"
Proxy-Connection: "keep-alive"
Content-Type: "text/xml"
- data:
- - "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
- - " <SOAP-ENV:Body>"
- - " <xkms:StatusRequest xmlns:xkms=\"http://www.w3.org/2002/03/xkms#\" Id=\"_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659\" ResponseId=\"_c1c36b3f-f962-4aea-bfbd-07ed58468c9b\" Service=\"http://www.soapclient.com/xml/xkms2\">"
- - " <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>"
- - " <xkms:RespondWith>%1Gwww.attack.org</xkms:RespondWith>"
- - " </xkms:StatusRequest>"
- - " </SOAP-ENV:Body>"
- - "</SOAP-ENV:Envelope>"
+ data: |
+ <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
+ <SOAP-ENV:Body>
+ <xkms:StatusRequest xmlns:xkms=\"http://www.w3.org/2002/03/xkms#\" Id=\"_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659\" ResponseId=\"_c1c36b3f-f962-4aea-bfbd-07ed58468c9b\" Service=\"http://www.soapclient.com/xml/xkms2\">
+ <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>
+ <xkms:RespondWith>%1Gwww.attack.org</xkms:RespondWith>
+ </xkms:StatusRequest>
+ </SOAP-ENV:Body>
+ </SOAP-ENV:Envelope>
output:
no_log_contains: "id \"920240\""
-
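Review bot: The `\"` sequences on the `<SOAP-ENV:Envelope …>` and `<xkms:StatusRequest …>` lines were copied over from the old double-quoted strings, but a literal block scalar does not process escapes, so the backslashes are now sent in the body and the XML is no longer well-formed. Since this test asserts `no_log_contains: "id \"920240\""`, a body that fails XML parsing could let it pass without exercising the `%1Gwww.attack.org` case at all (this depends on how the request body processor reacts, confirm). Drop the backslashes inside the block, e.g. `xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"`, and check that the nested elements keep the leading spaces the old list items had.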
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml 2020-05-14 13:42:58.816442601 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml 2021-03-17 20:41:25.145883706 -0300
@@ -44,4 +44,4 @@
User-Agent: "ModSecurity CRS 3 Tests"
output:
# Technically valid but Apache doesn't allow 0.9 anymore
- status: 400
+ status: [400]
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml 2020-05-14 13:42:58.817442608 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml 2021-03-17 20:41:25.146883712 -0300
@@ -29,22 +29,22 @@
port: 80
uri: /
version: HTTP/1.1
- data:
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="file"; filename="test"'
- - 'Content-Type: application/octet-stream'
- - ''
- - Rotem & Ayala
- - ''
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="name"'
- - ''
- - tt2
- - '-----------------------------265001916915724'
- - 'Content-Disposition: form-data; name="B1"'
- - ''
- - Submit
- - '-----------------------------265001916915724--'
+ data: |
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="file"; filename="test"
+ Content-Type: application/octet-stream
+
+ Rotem & Ayala
+
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="name"
+
+ tt2
+ -----------------------------265001916915724
+ Content-Disposition: form-data; name="B1"
+
+ Submit
+ -----------------------------265001916915724--
output:
# Most web servers simply won't respond to invalid requests like
# like this they'll just time out when we get OR type checks
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml 2020-07-09 08:24:15.703645973 -0300
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml 2021-03-17 20:41:25.146883712 -0300
@@ -91,21 +91,21 @@
port: 80
uri: /
version: HTTP/1.1
- data:
- - --0000
- - 'Content-Disposition: form-data; name="name"'
- - ''
- - John Smith
- - --0000
- - 'Content-Disposition: form-data; name="email"'
- - ''
- - john.smith@example.com
- - --0000
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"'
- - 'Content-Type: image/jpeg'
- - ''
- - BINARYDATA
- - --0000--
+ data: |
+ --0000
+ Content-Disposition: form-data; name="name"
+
+ John Smith
+ --0000
+ Content-Disposition: form-data; name="email"
+
+ john.smith@example.com
+ --0000
+ Content-Disposition: form-data; name="image"; filename="image.jpg"
+ Content-Type: image/jpeg
+
+ BINARYDATA
+ --0000--
output:
log_contains: id "920420"
-
@@ -130,21 +130,21 @@
port: 80
uri: /
version: HTTP/1.1
- data:
- - --0000
- - 'Content-Disposition: form-data; name="name"'
- - ''
- - John Smith
- - --0000
- - 'Content-Disposition: form-data; name="email"'
- - ''
- - john.smith@example.com
- - --0000
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"'
- - 'Content-Type: image/jpeg'
- - ''
- - BINARYDATA
- - --0000--
+ data: |
+ --0000
+ Content-Disposition: form-data; name="name"
+
+ John Smith
+ --0000
+ Content-Disposition: form-data; name="email"
+
+ john.smith@example.com
+ --0000
+ Content-Disposition: form-data; name="image"; filename="image.jpg"
+ Content-Type: image/jpeg
+
+ BINARYDATA
+ --0000--
output:
log_contains: id "920420"
-
@@ -169,21 +169,21 @@
port: 80
uri: /
version: HTTP/1.1
- data:
- - --0000
- - 'Content-Disposition: form-data; name="name"'
- - ''
- - John Smith
- - --0000
- - 'Content-Disposition: form-data; name="email"'
- - ''
- - john.smith@example.com
- - --0000
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"'
- - 'Content-Type: image/jpeg'
- - ''
- - BINARYDATA
- - --0000--
+ data: |
+ --0000
+ Content-Disposition: form-data; name="name"
+
+ John Smith
+ --0000
+ Content-Disposition: form-data; name="email"
+
+ john.smith@example.com
+ --0000
+ Content-Disposition: form-data; name="image"; filename="image.jpg"
+ Content-Type: image/jpeg
+
+ BINARYDATA
+ --0000--
output:
log_contains: id "920420"
-
diff -ru ../coreruleset/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 2020-05-14 13:42:58.818442615 -0300
+++ tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 2021-03-17 20:41:25.148883724 -0300
@@ -20,7 +20,7 @@
SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code"
uri: "/"
output:
- status: 400
+ status: [400]
no_log_contains: "id:921140"
-
test_title: 921140-2
diff -ru ../coreruleset/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml
--- ../coreruleset/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml 2020-05-14 13:42:58.821442638 -0300
+++ tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml 2021-03-17 20:41:25.148883724 -0300
@@ -104,8 +104,8 @@
Accept: "*/*"
User-Agent: ModSecurity CRS 3 Tests
Content-Type: application/x-www-form-urlencoded
- data:
- - var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e
+ data: |
+ var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e
output:
log_contains: id "941110"
-
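Review bot: `data: |` appends a trailing newline, so the urlencoded body is now `var=…%uff1e` followed by `\n` and the newline ends up inside the value of `var`; the old one-item list carried no terminator. Use strip chomping, `data: |-`, or a plain one-line scalar so the payload bytes match the original test. The next hunk in this file (the `var=%ef%bc%9cscript…` body) has the same issue.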
@@ -124,8 +124,8 @@
Accept: "*/*"
User-Agent: ModSecurity CRS 3 Tests
Content-Type: application/x-www-form-urlencoded
- data:
- - var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e
+ data: |
+ var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e
output:
log_contains: id "941110"
-