Last active
March 17, 2021 23:45
-
-
Save fzipi/b9e22b3834a5fa32970878c72775d41e to your computer and use it in GitHub Desktop.
Patch for the coreruleset tests so they can be used with go-ftw
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 2020-07-09 08:24:15.700645956 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 2021-03-17 20:41:25.140883675 -0300 | |
@@ -41,7 +41,7 @@ | |
uri: "/" | |
version: "HTTP/1.1" | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
# Perfectly valid OPTIONS request | |
test_title: 920100-3 | |
@@ -95,7 +95,7 @@ | |
uri: "www.cnn.com" | |
version: "HTTP/1.1" | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
# This is an acceptable CONNECT request for SSL tunneling | |
test_title: 920100-6 | |
@@ -226,7 +226,7 @@ | |
uri: / | |
version: HTTP/1.1 | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
test_title: 920100-13 | |
desc: Invalid HTTP Request Line (920100) - Test 2 from old modsec regressions | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 2020-05-14 13:42:58.815442593 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 2021-03-17 20:41:25.142883688 -0300 | |
@@ -22,13 +22,13 @@ | |
Connection: "close" | |
Referer: "http://localhost/" | |
Content-Type: "multipart/form-data; boundary=--------397236876" | |
- data: | |
- - "----------397236876" | |
- - "Content-Disposition: form-data; name=\"fileRap\"; filename=\"file=.txt\"" | |
- - "Content-Type: text/plain" | |
- - "" | |
- - "555-555-0199@example.com" | |
- - "----------397236876--" | |
+ data: | | |
+ ----------397236876 | |
+ Content-Disposition: form-data; name="fileRap"; filename="file=.txt" | |
+ Content-Type: text/plain | |
+ | |
+ 555-555-0199@example.com | |
+ ----------397236876-- | |
protocol: "http" | |
output: | |
log_contains: "id \"920120\"" | |
@@ -55,18 +55,18 @@ | |
port: 80 | |
uri: /cgi-bin/fup.cgi | |
version: HTTP/1.1 | |
- data: | |
- - '-----------------------------627652292512397580456702590' | |
- - 'Content-Disposition: form-data; name="fi=le"; filename="test"' | |
- - 'Content-Type: text/plain' | |
- - '' | |
- - 'email: security@modsecurity.org' | |
- - '' | |
- - '-----------------------------627652292512397580456702590' | |
- - 'Content-Disposition: form-data; name="note"' | |
- - '' | |
- - Contact info. | |
- - '-----------------------------627652292512397580456702590--' | |
+ data: | | |
+ -----------------------------627652292512397580456702590 | |
+ Content-Disposition: form-data; name="fi=le"; filename="test" | |
+ Content-Type: text/plain | |
+ | |
+ email: security@modsecurity.org | |
+ | |
+ -----------------------------627652292512397580456702590 | |
+ Content-Disposition: form-data; name="note" | |
+ | |
+ Contact info. | |
+ -----------------------------627652292512397580456702590-- | |
output: | |
log_contains: id "920120" | |
- | |
@@ -91,21 +91,21 @@ | |
port: 80 | |
uri: / | |
version: HTTP/1.1 | |
- data: | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="fi;le"; filename="test"' | |
- - 'Content-Type: application/octet-stream' | |
- - '' | |
- - Rotem & Ayala | |
- - '' | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="name"' | |
- - '' | |
- - tt2 | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="B1"' | |
- - '' | |
- - Submit | |
- - '-----------------------------265001916915724--' | |
+ data: | | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="fi;le"; filename="test" | |
+ Content-Type: application/octet-stream | |
+ | |
+ Rotem & Ayala | |
+ | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="name" | |
+ | |
+ tt2 | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="B1" | |
+ | |
+ Submit | |
+ -----------------------------265001916915724-- | |
output: | |
log_contains: id "920120" | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 2021-03-02 14:29:44.806797077 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 2021-03-17 20:43:09.668523337 -0300 | |
@@ -22,7 +22,7 @@ | |
protocol: "http" | |
uri: "/" | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
# Non digit content-length with content-type | |
test_title: 920160-2 | |
@@ -41,7 +41,7 @@ | |
protocol: "http" | |
uri: "/" | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
# Mixed digit and non digit content length | |
test_title: 920160-3 | |
@@ -60,7 +60,7 @@ | |
protocol: "http" | |
uri: "/" | |
output: | |
- status: 400 | |
+ status: [400] | |
- | |
# Test is based in httpbin.org, so backend returns 405 if you are not posting to /post | |
# Apache auto corrects for this error now so the log should not contain anything | |
@@ -87,7 +87,7 @@ | |
version: HTTP/1.0 | |
data: abc | |
output: | |
- status: 200 | |
+ status: [200] | |
no_log_contains: id "920160" | |
- | |
test_title: 920160-5 | |
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: 920160.yaml.orig | |
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: 920160.yaml.rej | |
Only in tests/REQUEST-920-PROTOCOL-ENFORCEMENT: .920160.yaml.rej.swp | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml 2020-05-15 13:56:08.145460169 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml 2021-03-17 20:41:25.144883700 -0300 | |
@@ -22,12 +22,12 @@ | |
Content-Type: "application/x-www-form-urlencoded" | |
Transfer-Encoding: "chunked" | |
User-Agent: "ModSecurity CRS 3 Tests" | |
- data: | |
- - "7" | |
- - "foo=bar" | |
- - "0" | |
- - "" | |
- - "" | |
+ data: | | |
+ 7 | |
+ foo=bar | |
+ 0 | |
+ | |
+ | |
stop_magic: true | |
output: | |
# Apache unsets the Content-Length header if | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 2020-05-14 13:42:58.816442601 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 2021-03-17 20:41:25.145883706 -0300 | |
@@ -77,15 +77,15 @@ | |
Keep-Alive: "300" | |
Proxy-Connection: "keep-alive" | |
Content-Type: "text/xml" | |
- data: | |
- - "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">" | |
- - " <SOAP-ENV:Body>" | |
- - " <xkms:StatusRequest xmlns:xkms=\"http://www.w3.org/2002/03/xkms#\" Id=\"_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659\" ResponseId=\"_c1c36b3f-f962-4aea-bfbd-07ed58468c9b\" Service=\"http://www.soapclient.com/xml/xkms2\">" | |
- - " <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>" | |
- - " <xkms:RespondWith>%1Gwww.attack.org</xkms:RespondWith>" | |
- - " </xkms:StatusRequest>" | |
- - " </SOAP-ENV:Body>" | |
- - "</SOAP-ENV:Envelope>" | |
+ data: | | |
+ <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"> | |
+ <SOAP-ENV:Body> | |
+ <xkms:StatusRequest xmlns:xkms=\"http://www.w3.org/2002/03/xkms#\" Id=\"_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659\" ResponseId=\"_c1c36b3f-f962-4aea-bfbd-07ed58468c9b\" Service=\"http://www.soapclient.com/xml/xkms2\"> | |
+ <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism> | |
+ <xkms:RespondWith>%1Gwww.attack.org</xkms:RespondWith> | |
+ </xkms:StatusRequest> | |
+ </SOAP-ENV:Body> | |
+ </SOAP-ENV:Envelope> | |
output: | |
no_log_contains: "id \"920240\"" | |
- | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml 2020-05-14 13:42:58.816442601 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml 2021-03-17 20:41:25.145883706 -0300 | |
@@ -44,4 +44,4 @@ | |
User-Agent: "ModSecurity CRS 3 Tests" | |
output: | |
# Technically valid but Apache doesn't allow 0.9 anymore | |
- status: 400 | |
+ status: [400] | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml 2020-05-14 13:42:58.817442608 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml 2021-03-17 20:41:25.146883712 -0300 | |
@@ -29,22 +29,22 @@ | |
port: 80 | |
uri: / | |
version: HTTP/1.1 | |
- data: | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="file"; filename="test"' | |
- - 'Content-Type: application/octet-stream' | |
- - '' | |
- - Rotem & Ayala | |
- - '' | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="name"' | |
- - '' | |
- - tt2 | |
- - '-----------------------------265001916915724' | |
- - 'Content-Disposition: form-data; name="B1"' | |
- - '' | |
- - Submit | |
- - '-----------------------------265001916915724--' | |
+ data: | | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="file"; filename="test" | |
+ Content-Type: application/octet-stream | |
+ | |
+ Rotem & Ayala | |
+ | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="name" | |
+ | |
+ tt2 | |
+ -----------------------------265001916915724 | |
+ Content-Disposition: form-data; name="B1" | |
+ | |
+ Submit | |
+ -----------------------------265001916915724-- | |
output: | |
# Most web servers simply won't respond to invalid requests like | |
# like this they'll just time out when we get OR type checks | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml 2020-07-09 08:24:15.703645973 -0300 | |
+++ tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml 2021-03-17 20:41:25.146883712 -0300 | |
@@ -91,21 +91,21 @@ | |
port: 80 | |
uri: / | |
version: HTTP/1.1 | |
- data: | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="name"' | |
- - '' | |
- - John Smith | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="email"' | |
- - '' | |
- - john.smith@example.com | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"' | |
- - 'Content-Type: image/jpeg' | |
- - '' | |
- - BINARYDATA | |
- - --0000-- | |
+ data: | | |
+ --0000 | |
+ Content-Disposition: form-data; name="name" | |
+ | |
+ John Smith | |
+ --0000 | |
+ Content-Disposition: form-data; name="email" | |
+ | |
+ john.smith@example.com | |
+ --0000 | |
+ Content-Disposition: form-data; name="image"; filename="image.jpg" | |
+ Content-Type: image/jpeg | |
+ | |
+ BINARYDATA | |
+ --0000-- | |
output: | |
log_contains: id "920420" | |
- | |
@@ -130,21 +130,21 @@ | |
port: 80 | |
uri: / | |
version: HTTP/1.1 | |
- data: | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="name"' | |
- - '' | |
- - John Smith | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="email"' | |
- - '' | |
- - john.smith@example.com | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"' | |
- - 'Content-Type: image/jpeg' | |
- - '' | |
- - BINARYDATA | |
- - --0000-- | |
+ data: | | |
+ --0000 | |
+ Content-Disposition: form-data; name="name" | |
+ | |
+ John Smith | |
+ --0000 | |
+ Content-Disposition: form-data; name="email" | |
+ | |
+ john.smith@example.com | |
+ --0000 | |
+ Content-Disposition: form-data; name="image"; filename="image.jpg" | |
+ Content-Type: image/jpeg | |
+ | |
+ BINARYDATA | |
+ --0000-- | |
output: | |
log_contains: id "920420" | |
- | |
@@ -169,21 +169,21 @@ | |
port: 80 | |
uri: / | |
version: HTTP/1.1 | |
- data: | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="name"' | |
- - '' | |
- - John Smith | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="email"' | |
- - '' | |
- - john.smith@example.com | |
- - --0000 | |
- - 'Content-Disposition: form-data; name="image"; filename="image.jpg"' | |
- - 'Content-Type: image/jpeg' | |
- - '' | |
- - BINARYDATA | |
- - --0000-- | |
+ data: | | |
+ --0000 | |
+ Content-Disposition: form-data; name="name" | |
+ | |
+ John Smith | |
+ --0000 | |
+ Content-Disposition: form-data; name="email" | |
+ | |
+ john.smith@example.com | |
+ --0000 | |
+ Content-Disposition: form-data; name="image"; filename="image.jpg" | |
+ Content-Type: image/jpeg | |
+ | |
+ BINARYDATA | |
+ --0000-- | |
output: | |
log_contains: id "920420" | |
- | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 2020-05-14 13:42:58.818442615 -0300 | |
+++ tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 2021-03-17 20:41:25.148883724 -0300 | |
@@ -20,7 +20,7 @@ | |
SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code" | |
uri: "/" | |
output: | |
- status: 400 | |
+ status: [400] | |
no_log_contains: "id:921140" | |
- | |
test_title: 921140-2 | |
diff -ru ../coreruleset/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml | |
--- ../coreruleset/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml 2020-05-14 13:42:58.821442638 -0300 | |
+++ tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml 2021-03-17 20:41:25.148883724 -0300 | |
@@ -104,8 +104,8 @@ | |
Accept: "*/*" | |
User-Agent: ModSecurity CRS 3 Tests | |
Content-Type: application/x-www-form-urlencoded | |
- data: | |
- - var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e | |
+ data: | | |
+ var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e | |
output: | |
log_contains: id "941110" | |
- | |
@@ -124,8 +124,8 @@ | |
Accept: "*/*" | |
User-Agent: ModSecurity CRS 3 Tests | |
Content-Type: application/x-www-form-urlencoded | |
- data: | |
- - var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e | |
+ data: | | |
+ var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e | |
output: | |
log_contains: id "941110" | |
- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment