Skip to content

Commit a67f6c8

Browse files
airweenairween
authored
Merge pull request #29 from Sebitosh/test-target-cookie
Test: target REQUEST_COOKIES - 059
2 parents 82bcf68 + 77b51ec commit a67f6c8

22 files changed

+1667
-15
lines changed

config_tests/CONF_059_TARGET_REQUEST_COOKIES.yaml

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
target: REQUEST_COOKIES
2+
rulefile: MRTS_059_REQUEST_COOKIES.conf
3+
testfile: MRTS_059_REQUEST_COOKIES.yaml
4+
templates:
5+
- SecRule for TARGETS
6+
colkey:
7+
- - ''
8+
- - cookie1
9+
- - cookie1
10+
- cookie2
11+
- - /^cookie_.*$/
12+
operator:
13+
- '@contains'
14+
oparg:
15+
- attack
16+
phase:
17+
- 1
18+
- 2
19+
- 3
20+
- 4
21+
testdata:
22+
phase_methods:
23+
1: get
24+
2: post
25+
3: post
26+
4: post
27+
targets:
28+
- target: ''
29+
test:
30+
data: null
31+
input:
32+
headers:
33+
- name: Cookie
34+
value: foo=attack
35+
- target: cookie1
36+
test:
37+
data: null
38+
input:
39+
headers:
40+
- name: Cookie
41+
value: cookie1=attack
42+
- target: cookie1
43+
test:
44+
data: null
45+
input:
46+
headers:
47+
- name: Cookie
48+
value: cookie1=attack;cookie2=hello
49+
- target: cookie2
50+
test:
51+
data: null
52+
input:
53+
headers:
54+
- name: Cookie
55+
value: cookie2=attack
56+
- target: cookie2
57+
test:
58+
data: null
59+
input:
60+
headers:
61+
- name: Cookie
62+
value: cookie1=hello;cookie2=attack
63+
- target: /^cookie_.*$/
64+
test:
65+
data: null
66+
input:
67+
headers:
68+
- name: Cookie
69+
value: cookie_foo=attack
70+
- target: /^cookie_.*$/
71+
test:
72+
data: null
73+
input:
74+
headers:
75+
- name: Cookie
76+
value: cookie_bar=hello;cookie_foo=attack;cookie_foobar=world

generated/rules/MRTS_059_REQUEST_COOKIES.conf

Lines changed: 144 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,144 @@
1+
SecRule REQUEST_COOKIES "@contains attack" \
2+
"id:100116,\
3+
phase:1,\
4+
deny,\
5+
t:none,\
6+
log,\
7+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
8+
ver:'MRTS/0.1'"
9+
10+
SecRule REQUEST_COOKIES "@contains attack" \
11+
"id:100117,\
12+
phase:2,\
13+
deny,\
14+
t:none,\
15+
log,\
16+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
17+
ver:'MRTS/0.1'"
18+
19+
SecRule REQUEST_COOKIES "@contains attack" \
20+
"id:100118,\
21+
phase:3,\
22+
deny,\
23+
t:none,\
24+
log,\
25+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
26+
ver:'MRTS/0.1'"
27+
28+
SecRule REQUEST_COOKIES "@contains attack" \
29+
"id:100119,\
30+
phase:4,\
31+
deny,\
32+
t:none,\
33+
log,\
34+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
35+
ver:'MRTS/0.1'"
36+
37+
SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
38+
"id:100120,\
39+
phase:1,\
40+
deny,\
41+
t:none,\
42+
log,\
43+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
44+
ver:'MRTS/0.1'"
45+
46+
SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
47+
"id:100121,\
48+
phase:2,\
49+
deny,\
50+
t:none,\
51+
log,\
52+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
53+
ver:'MRTS/0.1'"
54+
55+
SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
56+
"id:100122,\
57+
phase:3,\
58+
deny,\
59+
t:none,\
60+
log,\
61+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
62+
ver:'MRTS/0.1'"
63+
64+
SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
65+
"id:100123,\
66+
phase:4,\
67+
deny,\
68+
t:none,\
69+
log,\
70+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
71+
ver:'MRTS/0.1'"
72+
73+
SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
74+
"id:100124,\
75+
phase:1,\
76+
deny,\
77+
t:none,\
78+
log,\
79+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
80+
ver:'MRTS/0.1'"
81+
82+
SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
83+
"id:100125,\
84+
phase:2,\
85+
deny,\
86+
t:none,\
87+
log,\
88+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
89+
ver:'MRTS/0.1'"
90+
91+
SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
92+
"id:100126,\
93+
phase:3,\
94+
deny,\
95+
t:none,\
96+
log,\
97+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
98+
ver:'MRTS/0.1'"
99+
100+
SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
101+
"id:100127,\
102+
phase:4,\
103+
deny,\
104+
t:none,\
105+
log,\
106+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
107+
ver:'MRTS/0.1'"
108+
109+
SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
110+
"id:100128,\
111+
phase:1,\
112+
deny,\
113+
t:none,\
114+
log,\
115+
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
116+
ver:'MRTS/0.1'"
117+
118+
SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
119+
"id:100129,\
120+
phase:2,\
121+
deny,\
122+
t:none,\
123+
log,\
124+
msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
125+
ver:'MRTS/0.1'"
126+
127+
SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
128+
"id:100130,\
129+
phase:3,\
130+
deny,\
131+
t:none,\
132+
log,\
133+
msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
134+
ver:'MRTS/0.1'"
135+
136+
SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
137+
"id:100131,\
138+
phase:4,\
139+
deny,\
140+
t:none,\
141+
log,\
142+
msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
143+
ver:'MRTS/0.1'"
144+

generated/rules/MRTS_110_XML.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
SecRule XML:/* "@beginsWith foo" \
2-
"id:100116,\
2+
"id:100132,\
33
phase:2,\
44
deny,\
55
t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
88
ver:'MRTS/0.1'"
99

1010
SecRule XML:/* "@beginsWith foo" \
11-
"id:100117,\
11+
"id:100133,\
1212
phase:3,\
1313
deny,\
1414
t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
1717
ver:'MRTS/0.1'"
1818

1919
SecRule XML:/* "@beginsWith foo" \
20-
"id:100118,\
20+
"id:100134,\
2121
phase:4,\
2222
deny,\
2323
t:none,\

0 commit comments

Comments
 (0)